On Tue, May 10, 2005 at 07:04:55PM +0200, Julian Mehnle wrote:
Mark Shewmaker wrote:
This is my idea: You can do an MX lookup and thereby find the edge MTAs.
Then you can find the topmost sequence (to account for internal hand-offs)
of "Received:" headers in a message that includes only edge MTAs. The
lowermost "Received:" heder should be where the message entered the
receiver's trusted network, and all headers above that should be
trustworthy.
Hmm. I'm going to have to think about your idea more.
However, imagine you have an mbox file of 10,000 email messages, sent
to (as in body header "To: "):
1. Twenty different addresses/aliases of yours,
2. Ten different mailing lists you subscribe to,
3. And an untold number of other messages for which you were bcc;'d.
And received from five different incoming mail servers whose network
configuration has changed multiple times over the last three years that
this mbox file represents.
Let's also say your MUA reads mbox files this large or larger all the
time, and that you change MUA's about once a year. (In other words,
even if you cache the network query data, the next MUA probably won't
know how to interpret the previous MUA's cache.)
So..I don't think a network-query approach to deciding upon the validity of
in-body-header authentication data scales up to normal real-world use
very well.
An important question remains: what abstract problem is being solved by
knowing the border MTAs of one's mail provider?
Very good question.
Here are the things I'm looking for:
1. For MUAs to know what headers, such as authentication headers,
that they can trust to the extent they trust their incoming mail
servers.
This allows MUA's to reliably interpret all authentication headers.
2. A way for MUA's to be able to figure this out without the
user needing to configure any settings.
3. A way for organizations that do testing at their border MTA's
to have their internal MTA's to be able to let MUA's know both
the results of those tests, and the trustability of those tests,
without those internal MTA's having to edit email content, such
as would be the case with re-ordering of headers.
--
Mark Shewmaker
mark(_at_)primefactor(_dot_)com