spf-discuss

RE: Ignoring rejected mail?

2004-12-01 11:43:25
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com [mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Hannah Schroeter
Sent: Wednesday 1 December 2004 18:52
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Ignoring rejected mail?


Yes, I understand this.

I wanted to refer to the redundancy of your specific usage of SRS
for non-forwarding (i.e. the hostname in the SRS part equals the
"forwarder" hostname after the @).

Yes, I understand this. :) But that 'redundancy' offers me something a
regular address does not: the ability to detect fake DSNs.

Compare e.g. the SES format of "unique signatures":
S=XXXXXXX=admin(_at_)asarian-host(_dot_)net

That looks a lot like the short-cut SRS0 address I just came up with. :)

  "SRS0=GVNzlx65=OR=admin(_at_)asarian-host(_dot_)net"

(According to Working SES Format Definition 06, which is not current,
but I don't expect really *substantial* changes pertaining to this
argument. ok, it'd be =VXXXXXXX=local-part(_at_)domain, with X being some
time-dependent "signature" and V an identifier for the exact validation
method used; not having a marker that it's SES is still under discussion
on the SES list as far as I see.)

I am glad you brought all this up, actually. Because, the way I see it,
SRS and SES can be used quite similarly. SES just adds a digest.

As irony would have it, though, the SES added "digest of the message,
which fully prevents an attacker from being able to re-use an existing
reverse-path with a new message," introduces a type of 'redistribution'
issue, not unlike the 'forwarding' problem the SES proponents so vocally
decry. Namely, where mailing lists/ISPs add their own little message
banner/Anti-Virus blurb. The trick for SES will be to keep things
sufficiently 'fuzzy', yet strict enough for the digest to be of any
relevance.

BTW, wasn't there a "without digest" signature in SES too?

- Mark 
 
        System Administrator Asarian-host.org
 
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
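
Added example, not part of the original message and not code from any SRS or SES implementation: a sketch of how a signed return path in the short-cut shape quoted above (SRS0=hash=timestamp=local-part@domain) lets the receiving side drop DSNs addressed to an unsigned or forged sender. The HMAC construction, the secret, the 7-day window and the example.net address are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: per-site secret, not from the thread
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
MAX_AGE_DAYS = 7                   # assumption: how long a bounce may lag the original

def _stamp(day):
    """Two base32 characters encoding the day number modulo 1024."""
    day %= 1024
    return B32[day >> 5] + B32[day & 31]

def _tag(stamp, local, domain):
    """Truncated HMAC over timestamp and address (8 characters)."""
    msg = f"{stamp}={local}@{domain}".lower().encode()
    mac = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b64encode(mac).decode()[:8]

def sign(local, domain, day):
    """Build the envelope sender used on outgoing mail."""
    stamp = _stamp(day)
    return f"SRS0={_tag(stamp, local, domain)}={stamp}={local}@{domain}"

def check_bounce_rcpt(rcpt, today):
    """Return the real mailbox if rcpt is a valid signed address, else None."""
    localpart, _, domain = rcpt.rpartition("@")
    parts = localpart.split("=", 3)
    if len(parts) != 4 or parts[0].upper() != "SRS0":
        return None                  # unsigned: the DSN is not for mail we sent
    tag, stamp, local = parts[1], parts[2].upper(), parts[3]
    if len(stamp) != 2 or any(c not in B32 for c in stamp):
        return None                  # malformed timestamp field
    if not hmac.compare_digest(tag.encode(), _tag(stamp, local, domain).encode()):
        return None                  # forged or altered signature
    sent = B32.index(stamp[0]) * 32 + B32.index(stamp[1])
    if (today - sent) % 1024 > MAX_AGE_DAYS:
        return None                  # too old: replay of a harvested address
    return f"{local}@{domain}"

if __name__ == "__main__":
    addr = sign("admin", "example.net", 19000)          # constructed sample values
    print(addr, "->", check_bounce_rcpt(addr, 19002))
    print("unsigned ->", check_bounce_rcpt("admin@example.net", 19002))
```

Because the tag covers only the timestamp and the address, a banner added to the message body in transit does not invalidate it, unlike the message digest discussed in the post.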

