spf-discuss

2004: The Year That Promised Email Authentication

2005-01-03 03:23:07

Yakov Shafranovich has written another very informative piece on email
authentication.  It is a good overview of what is going on.  See:

http://www.circleid.com/article/855_0_1_0_C/

The only error that I saw in it is the claim that Caller-ID and
Sender-ID are "message authentication" systems.  They, like SPF, are
path authentication systems.  They all require each hop along the path to
authenticate the email, and if any hop fails to correctly prepare the
email for the next hop (SRS for SPF, email headers for SID/CID), then
the authentication will fail.

Things like SES, IIM and DK are "message authentication" systems
because it doesn't make any difference what path the email takes, the
final email can be authenticated.  Of course, this requires that the
message not be munged (too much) during transmission, and there is
also the replay attack problem, whereby if a spammer can get one
email signed with the proper signature, the spammer can then send
millions of copies and they will all be able to use the reputation
that the signature gives.


-wayne
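
The distinction drawn in the message above, as an added sketch that is not part of the original post: a path check depends on which host delivers the mail, while a signature check depends only on the message content. The domains, IP addresses and key are constructed, and an HMAC stands in for the public-key signature a real scheme such as DK would use.

```python
import hashlib
import hmac

# Constructed sample data: domains, IPs and key are assumptions for this sketch.
SPF_POLICY = {"sender.example": {"192.0.2.10"},
              "forwarder.example": {"198.51.100.7"}}
SIGNING_KEY = {"sender.example": b"constructed-demo-key"}


def path_check(envelope_domain: str, connecting_ip: str) -> bool:
    """SPF-style check: may this host send for the envelope sender's domain?"""
    return connecting_ip in SPF_POLICY.get(envelope_domain, set())


def sign(domain: str, message: bytes) -> str:
    """Stand-in for a DK-style signature (HMAC here, public-key in practice)."""
    return hmac.new(SIGNING_KEY[domain], message, hashlib.sha256).hexdigest()


def message_check(domain: str, message: bytes, signature: str) -> bool:
    """Signature check: depends only on the message, not on who delivered it."""
    if domain not in SIGNING_KEY:
        return False
    return hmac.compare_digest(sign(domain, message), signature)


def scenarios() -> dict:
    msg = b"From: alice@sender.example\r\n\r\nhello"
    sig = sign("sender.example", msg)
    return {
        # Direct delivery from the sender's own host.
        "path_direct": path_check("sender.example", "192.0.2.10"),
        # Forwarder relays but keeps the original envelope sender: check fails.
        "path_forwarded_no_srs": path_check("sender.example", "198.51.100.7"),
        # Forwarder rewrites the envelope sender to its own domain (what SRS does).
        "path_forwarded_srs": path_check("forwarder.example", "198.51.100.7"),
        # The signature survives any path as long as the message is intact...
        "msg_forwarded": message_check("sender.example", msg, sig),
        # ...fails if an intermediate hop alters the signed content...
        "msg_munged": message_check("sender.example", msg + b"\r\n-- footer", sig),
        # ...and verifies again for every identical copy of the message (replay).
        "msg_replayed_copy": message_check("sender.example", bytes(msg), sig),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:24} {'pass' if ok else 'fail'}")
```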


