On Wed, May 11, 2005 at 10:08:07AM +0000, Mark wrote:
I do not see, however, how a MUA can realiably determine which edgeHeaders
are real, and which are faked by the spammer, unless the message was
digitally signed. Or there were always, say, 3 internal MTAs that you know
incoming mail will pass through (in which case it just a matter of finding
the edge).
Let me remove some text from the example:
Received: by MUA
Received: from_trusted virusscanner.example.org
Received: from_trusted mxhost.example.org
Received: from spamhost.spamhouse.invalid
Received: from_trusted goodguy.example.net
Received-SPF: [... resulting in PASS]
X-Spam-Flag: no
(note the difference: from_trusted vs from)
MUA trusts "from_trusted" until it isn't seen anymore.
The trust-domain has control over where this happens and
should of course make sure this is on the edge-server
(MX-host in this example).
Thereafter, all lines can be bogus, including from_trusted.
This means "from spamhost.spamhouse.invalid" is true while
"from_trusted goodguy..." may or may not be a forgery.
All information in the header, such as "X-Spam-Flag" that
comes below "Received: from spamhost.spamhouse.invalid" is
not worth considering, all information upto and including
that line is. In above example, Received-SPF is added by
someone outside the trust-domain and should not be taken
in consideration.
The original proposal had an example that uses extra lines.
Maybe that's better than altering existing header lines.
Anyway, I do not want to take over this proposal so I probably
should stop writing about it.
cheers
alex