On Tue, 2005-05-10 at 13:12 +0200, Alex van den Bogaerdt wrote:
On Tue, May 10, 2005 at 07:09:13AM -0400, Mark Shewmaker wrote:
It would be convenient for MUA's if there were a header item that said:
"I fully and completely trust the previous MTA."
Then this happens:
spammer adds: "I fully and completely trust $mydomain"
then forwards to next hop.
In other words, if I cannot trust the received line, why
would I trust "X-trust-whatever" ?
A hop can only proclaim trust in the previous hop.
There is no variable substitution such as "$mydomain".
So the spammer could only say he trusts the hop previous to his mta,
which doesn't create any vulnerability.
The situation you bring up would translate to something like:
Return-Path <forged-id(_at_)example(_dot_)com> <-\
X-Trust-Previous-Hop: <------Added by last MTA
Received: from border-mta [..] <-----/
Authentication-Results: [..] <=====\
Received-SPF: [..] <======Added by border MTA
Received: from spammer [..] <=====/
X-Trust-Previous-Hop: <----\
Authentication-Results: [..] <-----Added by spammer
Received-SPF: [..] <----/
Received: by spamming-machine [..] <--/
[..]
An MUA looking at the above would trust the top 6 lines, but nothing
below that.
--
Mark Shewmaker
mark(_at_)primefactor(_dot_)com