spf-discuss

RE: Ignoring rejected mail?

2004-12-08 11:26:45
On Wed, 8 Dec 2004, Mark wrote:

> And as I have been replying ever-since: without the digest, there is
> nothing SES offers which I cannot also accomplish with a 'self-signed' SRS
> address. Including call-back verification.

The self-signed SRS is basically SES classic. Leave out the duplicate
source domain, and change the leader so as not to confuse software
that "unwraps" SRS, and you have SES classic.

The replay prevention on SRS is fine for forwarding and for rejecting
forged bounces.  Replays will only annoy a single victim - not reach
a wide audience.  However, SRS does *not* work for authentication.
If you use SRS for authentication, then I can use the signed MAIL FROM
you send me to spam the world while pretending to be you until time
limit expires (typically several days). 

SES tries to fix that.

The first attempt to fix the replay attack was to add a message id to the
signature (not a digest) and limit the number of successful validations per 
message.  There is no need to track validation failures.  This is the approach
I plan to use.  The limitation is that some recipients, like a large mailing
list that doesn't rewrite MAIL FROM, will have a large number of legitimate
validations, whereas a single recipient will only have a few (one, plus any
forwarders that check SPF).  Pooh.  Mailing lists *should* rewrite MAIL FROM,
so I will have a low validation limit.  No database is required to track
successful validations.  An in memory table suffices.  If the validation server
crashes or restarts, just begin from scratch.  If a replay attack is in
progress, a few more spams will get through - no big deal.

The message digest was an attempt to prevent replay spam without a validation
limit.  It does do that, but runs into the problem of forwarders that modify
the message.  Or filtering software, like virus scanners, that run before
validation and modify the message.  (Adding junk like, "This message scanned
by Clueless AntiVirus.")  Part of the message digest is included in the
MAIL FROM signature in place of the message id, so most forgeries are
detected before SMTP DATA.  If that passes, the message body is received, and
the full digest can be checked.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
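As an added illustration of the validation-limit scheme the post describes (a message id folded into the MAIL FROM signature, successful validations counted in an in-memory table, no tracking of failures), here is a constructed Python sketch. It is not Stuart's own code and not the SES or SRS library format; the address layout `ses=<timestamp>=<message-tag>=<mac>=<local>@<domain>`, the 3-day window, the limit of 3 validations, the secret key and the sample Message-ID and timestamp are all assumptions made for the example.

```python
"""Constructed example: SES-style signed MAIL FROM with a per-message validation limit.
Not the SES/SRS wire format; layout and parameters are assumptions for illustration."""
import base64
import hashlib
import hmac
import time
from collections import defaultdict

SECRET = b"constructed-example-secret"  # constructed; a real deployment keeps this private
TS_WINDOW = 3 * 24 * 3600               # assumption: signed address expires after 3 days
MAX_VALIDATIONS = 3                     # assumption: one recipient plus a couple of SPF-checking forwarders

# In-memory count of *successful* validations per signed address. As the post says,
# no database is needed: a restart simply starts from scratch.
_validations = defaultdict(int)


def _message_tag(message_id):
    """Short hash of the Message-ID so every message gets a distinct signed address."""
    return hashlib.sha256(message_id.encode()).hexdigest()[:8]


def _mac(local, domain, ts, mid):
    """HMAC over address, timestamp and message tag; truncated and base32-encoded."""
    data = f"{local}@{domain}|{ts}|{mid}".encode()
    digest = hmac.new(SECRET, data, hashlib.sha256).digest()
    return base64.b32encode(digest[:10]).decode().lower().rstrip("=")


def sign_mail_from(local, domain, message_id, now=None):
    """Build the signed MAIL FROM for one outgoing message."""
    ts = int(time.time() if now is None else now)
    mid = _message_tag(message_id)
    tag = _mac(local, domain, ts, mid)
    # Leader "ses" instead of "SRS0" so software that unwraps SRS leaves it alone.
    return f"ses={ts}={mid}={tag}={local}@{domain}"


def validate_mail_from(addr, now=None):
    """Return (ok, reason). Only successful validations are counted against the limit."""
    now = int(time.time() if now is None else now)
    try:
        local_part, domain = addr.rsplit("@", 1)
        leader, ts, mid, tag, local = local_part.split("=", 4)
    except ValueError:
        return False, "unsigned"
    if leader != "ses":
        return False, "unsigned"
    if not ts.isdigit() or now - int(ts) > TS_WINDOW:
        return False, "expired"
    if not hmac.compare_digest(tag, _mac(local, domain, ts, mid)):
        return False, "bad signature"
    if _validations[addr] >= MAX_VALIDATIONS:
        return False, "replay limit"   # a replay of a genuine address past the limit
    _validations[addr] += 1
    return True, "ok"


def demo(now=1102505205):  # constructed timestamp (2004-12-08)
    """Exercise the scheme: genuine validations, a replay past the limit, a forgery, expiry."""
    _validations.clear()
    addr = sign_mail_from("stuart", "example.com", "<20041208.1@example.com>", now)
    outcomes = [validate_mail_from(addr, now)[1] for _ in range(MAX_VALIDATIONS + 2)]
    forged = addr.replace("stuart@example.com", "mallory@example.com")
    return {
        "address": addr,
        "outcomes": outcomes,                                         # 3 x "ok", then "replay limit"
        "forged": validate_mail_from(forged, now)[1],                 # "bad signature"
        "expired": validate_mail_from(addr, now + TS_WINDOW + 1)[1],  # "expired"
        "unsigned": validate_mail_from("bob@example.com", now)[1],    # "unsigned"
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The counter is keyed on the whole signed address, so the limit is per message rather than per sender, which is what makes a leaked address useless for bulk replay while still allowing the genuine recipient and a few SPF-checking forwarders to validate it. The digest variant from the end of the post would put a truncated hash of the message body in place of the message tag; that is deliberately not modelled here, since it brings in the body-modifying forwarder problem the post raises.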

