spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Re: [SPF Classic] Privacy and disclosure of 2821 MAIL FROM

2004-10-07 00:53:48
from [Bruce Barnes] [Permanent Link] 
What is the concern about the issue of privacy in a communication medium
that is based on plain text messages being sent in packets across the
insecure internet?

If we're going to be concerned about the privacy of a MAIL FROM that states
that "Alice" was in a hotel at the time she sent the message, then we've
lost site of the fact that, if captured, the entire message is readable by
anyone.

Let's concentrate on the requirements of getting the SPF protocol made into
a standard that can be adopted and published and not worry about something
over which we have no control.
Bruce Barnes

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Frank 
Ellermann
Sent: Thursday, October 07, 2004 02:35
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Re: [SPF Classic] Privacy and disclosure of 2821
MAIL FROM


Stephane Bortzmeyer wrote:


Alice is at a conference. She uses the hotel's network to
send mail. She configures her MUA to tell "From:
alice(_at_)mycompany(_dot_)com". But, to be aceptable by SPF MTAs, the
mail will have an envelope from (2821 MAIL FROM) of
"customer(_at_)thehotel(_dot_)com". It is already visible in Return-Path
and the Received headers but a SPF-aware MUA will display it
more prominently and therefore may cause privacy concerns.


The "Return-Path" is no new SPF invention, it's everywhere in
SMTP (for a new example see RfC 3834).  2476bis could be the
place to mention these privacy concerns (if it doesn't already,
I've not checked this), because there you have the MAYs in 6.1
and 8.1 doing something with the mail on the sender's side.

Hiding available info on the side of the receiver would be a
really bad idea,
                 Bye, Frank


-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [SPF Classic] Privacy and disclosure of 2821 MAIL FROM, Frank Ellermann
Next by Date:  Re: Re: [SPF Classic] Policy best practices should be kept out, Tony Finch
Previous by Thread:  Re: [SPF Classic] Privacy and disclosure of 2821 MAIL FROM, Frank Ellermann
Next by Thread:  Re: Re: [SPF Classic] Privacy and disclosure of 2821 MAIL FROM, Jim Hill
Indexes:  [Date] [Thread] [Top] [All Lists]