[Mimedefang] sendmail spf milter plugin for sendmail 8.13.0

Jan Pieter Cornet johnpc at xs4all.nl
Wed Aug 18 16:52:19 EDT 2004


On Wed, Aug 18, 2004 at 01:20:23PM -0700, Matthew.van.Eerde at hbinc.com wrote:
> David F. Skoll wrote:
> > On Wed, 18 Aug 2004 Matthew.van.Eerde at hbinc.com wrote:
> > 
> >> Ehhh... DomainKeys can be trivially saved from this trivial defeat.
> >> Just have the sending MTA create separate envelopes for each
> >> recipient. Then add an X-Envelope-To: header.  Finally have the MTA
> >> sign each envelope independently before delivery.  The
> >> X-Envelope-To: header will be part of the digest.
> > 
> >> On the receiving side, any RCPT TO: <> X-Envelope-To: invalidates the
> >> DomainKey check.
> > 
> > This then breaks forwarding, one of the advantages of DomainKeys over
> > SPF.
> 
> How so?  Email forwarding works, so long as the forwarding agent (say,
> forwarder.example.com) signs the forwarded email with their DomainKey.
> Then the ultimate recipient (or the next server in the line, to be accurate)
> will be sure that the email came from forwarder.example.com.

So it breaks (plain old) forwarding. To sign the mail,
forwarder.example.com will have to change the sender address too. Which
will result in nasty bounce loops if you're not careful.

FYI: any protocol that does not break forwarding is susceptible to
replay attacks. It's quite easy to prove that (just imagine a forwarding
address that happens to forward to `cat /mnt/cd/millions.of.emails.txt`),
so I think breaking plain old forwarding is a feature :) but then what's
DomainKeys but a complicated (and less powerful, and less mature)
version of SPF?

> It's up to forwarder.example.com to verify that the email really came from
> originalsender.example.com - and find a way to pass that verification result
> on to ultimaterecipient.example.com.  I suggest an X-DomainKey-Result: Pass
> header as a tool for this.

Why should I trust that header? The fact that it was digitally signed by
some "forwarder" doesn't really say much for the validity of the data :)

-- 
#!perl -wpl # mmfppfmpmmpp mmpffm <pmmppfmfpppppfmmmf at fpffmm4mmmpmfpmf.ppppmf>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;                                # Jan-Pieter Cornet
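
The per-recipient signing scheme discussed in this thread, as an added example that is not part of the original post or of any DomainKeys implementation. It shows that a receiver enforcing RCPT TO against a signed X-Envelope-To sees a replay and a plain forward identically. Assumptions: HMAC-SHA256 stands in for the DomainKeys RSA signature, `X-Demo-Signature` is a hypothetical header name, and all addresses are constructed.

```python
import hashlib
import hmac

# Constructed demo key. HMAC-SHA256 stands in for the DomainKeys RSA
# signature, whose public key a real verifier would fetch from DNS.
SENDER_KEY = b"constructed-demo-key"


def _digest(headers, body, key):
    # X-Envelope-To is part of the digest, binding the recipient to the signature.
    signed = "\n".join(f"{k}:{headers.get(k, '')}" for k in ("From", "X-Envelope-To"))
    return hmac.new(key, (signed + "\n\n" + body).encode(), hashlib.sha256).hexdigest()


def sign_per_recipient(sender, recipients, body, key=SENDER_KEY):
    """Sending MTA: one independently signed copy per envelope recipient."""
    copies = []
    for rcpt in recipients:
        headers = {"From": sender, "X-Envelope-To": rcpt}
        headers["X-Demo-Signature"] = _digest(headers, body, key)  # hypothetical header
        copies.append((rcpt, headers, body))
    return copies


def verify(rcpt_to, headers, body, key=SENDER_KEY):
    """Receiving MTA: returns 'pass', 'bad-signature' or 'recipient-mismatch'."""
    expected = _digest(headers, body, key)
    if not hmac.compare_digest(expected, headers.get("X-Demo-Signature", "")):
        return "bad-signature"
    # RCPT TO differing from the signed X-Envelope-To invalidates the check.
    if rcpt_to.lower() != headers.get("X-Envelope-To", "").lower():
        return "recipient-mismatch"
    return "pass"


def demo():
    [(rcpt, headers, body)] = sign_per_recipient(
        "alice@sender.example", ["bob@forwarder.example"], "hello")
    edited = {**headers, "X-Envelope-To": "bob@final.example"}
    return {
        "direct": verify(rcpt, headers, body),
        # Same signed copy presented under a different envelope recipient.
        "replayed": verify("victim@other.example", headers, body),
        # Plain forwarding: RCPT TO changes, message is not re-signed.
        "forwarded": verify("bob@final.example", headers, body),
        # Forwarder edits the header to match: the signature stops verifying.
        "edited": verify("bob@final.example", edited, body),
    }
```
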


