spf-discuss

RE: Maybe simple question

2003-12-13 19:21:09
OK, we need to get the basics cleared up first, then.

Can we assume that the MTA is performing SPF checks while the SMTP
connection is still up?

Either way, it doesn't matter.  It can be done while the smtp connection is
still open, or spf can do it after smtp connection has closed; my point
remains valid:

The mta that is receiving a message via smtp knows one thing for a fact:  It
knows the IP address at the other end of the smtp connection.  For now let's
just assume it is 130.64.64.129

(Verification Method 1 - Unspoofable information. IP address of last relay)
If it were safe to assume that 130.64.64.129 will only pass along messages
that are already verified, then your authentication is already finished.
This concept is the basis for Certificate Authority based verification
schemes.

If you don't want to use a CA based authentication scheme, there is only one
alternative:

(Verification Method 2 - Spoof detection)
After the relay opens the smtp connection, the relay says something that
could only be said by the real sender, and you must verify it.

For example, let's suppose the relay submits an email that claims to be from
joe@joe.com.  And let's suppose that message had a signature in it.  If you
(the receiver's MTA) could compare that signature against a known-good
signature for joe@joe.com, then you could assume the message really came
from joe@joe.com.  (Provided that spoofers cannot forge the signature, as is
the case with encrypted private keys.)  Unfortunately encryption is illegal
for about 1/3 of the world's population.

Another type of unforgeable signature that isn't encrypted is the type I use
in MVP.

Now on to SPF --

First, just accept it that email will be passed along by relays.  (Somebody
earlier said message delivery is usually direct, and I'm just defying that
by saying Message delivery is not often direct.  It is done by relays.)

Second, let me make this assumption -- If joe@joe.com sends a message to
mary@mary.com, then it should say it's from joe@joe.com.  In other words, I
am saying that relays should not change the email address of the sender.  If
relays were to change the sender's address, then Mary will have no idea who
sent it, because the path from joe to mary is not guaranteed.  Especially if
they travel.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.3.txt
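
The last-hop check discussed in the message above, as an added example that is not part of the original post or of any SPF implementation: the receiving MTA evaluates the connecting IP against a policy published by the envelope sender's domain, and a relay that keeps the sender address unchanged fails unless the domain lists it. Assumptions: the policies are constructed sample data, only the `ip4` and `all` mechanisms are handled, and the record syntax is that of RFC 7208 rather than the 2003 draft.

```python
import ipaddress

# Constructed sample policies keyed by sender domain (not real DNS data).
# 192.0.2.0/24 is a documentation range standing in for joe.com's own servers.
SAMPLE_TXT = {
    "joe.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "relay-friendly.example": "v=spf1 ip4:192.0.2.0/24 ip4:130.64.64.129 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_last_hop(peer_ip, mail_from, txt_records=SAMPLE_TXT):
    """Evaluate the peer IP (the one fact the MTA knows for certain)
    against the policy of the domain in the envelope sender."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    terms = txt_records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # domain publishes no policy
    ip = ipaddress.ip_address(peer_ip)
    for term in terms[1:]:
        qualifier = "+"                     # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":                   # catch-all, always matches
            return QUALIFIERS[qualifier]
        if name != "ip4":
            return "permerror"              # mechanism outside this sketch
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"              # malformed network in the record
        if ip.version == 4 and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"                        # nothing matched, no "all" term

if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "joe@joe.com"),                 # direct delivery
        ("130.64.64.129", "joe@joe.com"),              # relayed, sender unchanged
        ("130.64.64.129", "joe@relay-friendly.example"),
        ("130.64.64.129", "mary@mary.com"),            # no policy published
    ]
    for peer, sender in cases:
        print(f"{peer:15} {sender:30} -> {check_last_hop(peer, sender)}")
```
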