spf-discuss

RE: Ignoring rejected mail?

2004-12-08 06:12:49
On Wed, 2004-12-08 at 12:33 +0000, Mark wrote:
> This has got to be your weakest argument, ever. :)

> Is the official SES position now, that mail-bodies which have been altered
> somehow, is mail you do not want anyway?

No, that's not what I said -- no more than the 'official SPF' position
is that mail which has been forwarded is mail you do not want anyway. 

> What a silly way to stick your head into the sand! Denial is not just
> a river, you know.

Please do try to keep up. Remember, we're talking about mail which SPF
would have rejected _anyway_, and only a small proportion of _that_ mail
is going to get modified beyond recognition in transit and hence also be
rejected by SES.

Not only is it going to be uncommon for forwarding sites to mangle mail
in a way which would break the signature, but in that tiny minority of
cases you also still have all the stupid options that SPF has of just
declaring that forwarding of modified messages is 'forgery', or
suggesting that the final recipient site should refrain from checking
the _digest_ on messages from the forwarder, but still check the
reverse-path for validity, etc. It's no _worse_ than SPF; in fact it's
_much_ better.

Also remember that the message-digest is optional anyway. You don't have
to include one -- I don't. It's been added to foil the mostly
theoretical 'replay attack' which was always going to be time-limited
anyway. It's a far less significant problem than you seem to think.

> Seriously, David, if this is SES's answer to dealing with altered
> messages, then you're still a far cry from being a serious party in
> all of this.

It's orders of magnitude better than the SPF approach which would break
100% of the mail we're talking about here, not just those few mails
(probably < 1%?) which are modified beyond recognition in transit.

I don't think anyone claims to have a magic bullet; all we can do is
make dramatic improvements on whatever else we see.

We've already improved from SPF's success rate of 0% on 'normal'
forwarded mail to something which I'd guess to be at least 99%. We've
removed the need for uninterested third parties to 'upgrade' to cope
with it -- SES can be implemented if _only_ the sender and the recipient
participate; in fact you get to reject all false bounces even when _no_
recipients are participating, and many recipients were _already_ partly
'participating' by doing SMTP callouts. Those recipients are already
rejecting faked mail from senders who use SES, without knowing anything
about it.

If you have constructive comments to make about how we could improve the
success rate even further, perhaps by being more permissive about
canonicalisation of headers, then that input would be much appreciated. 

We're talking about minor improvements here though, not trying to
address a fundamental flaw like SPF's assumptions about IP addresses.

-- 
dwmw2

