spf-discuss

Re: Maybe simple question

2003-12-12 09:40:27
On Fri, Dec 12, 2003 at 08:40:59AM -0500, Edward Ned Harvey wrote:
> How does the receiver's mailserver know what IP address the message came
> from?

Either the MTA knows the remote IP of the connection to its SMTP port, or it
will add a reliable Received: header (you can trust your own mail server,
hopefully) for further processing by clients.

SPF compliant MTAs that do forwarding should rewrite sender addresses. It
should be understood that validation of rewritten addresses (this process
can be spoofed as well) will continue to rely on networks of blacklisted and
whitelisted hosts; and that domains that implement SPF are aware of
consequences regarding forwarders or remailers.

> 1- Base the verification on the *last* IP address of the *last* relay that
> talks to the receiver.  Basically have a Certificate Authority or something
> like that that says "You have a message coming from 123.213.020.111?  You
> can trust that guy.  It's real."

That's basically what SPF does: MTAs check the incoming IP address with SPF
entries from a domain. SPF just doesn't rely on a central authority, and it
doesn't need to as it's just one step in combatting spam and forgeries.
SPF doesn't build a trust list, it just shapes the conditions under which a
trust list can reliably be created.

> 2- Encode something in the message that could only have been put there by
> the real sender.  Perhaps a signature key.  Perhaps a Message ID that was
> created by the sender's mailserver using a password.  Or some other idea.

While user-specific settings are possible in SPF (to opt-out for example), I
believe user-to-user solutions like PGP/GPG are more suited for this.

Rob
-- 
Rob Kaper     | "In the name of sheer pity, won't someone operate on
cap(_at_)capsi(_dot_)com | Chairman Arafat and put that poor cancer into a cleaner
www.capsi.com | environment? -- Rick Brookhiser

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.3.txt
