[Mimedefang] sendmail spf milter plugin for sendmail 8.13.0

Matthew.van.Eerde at hbinc.com
Thu Aug 19 13:01:38 EDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeff Rife wrote:
> On 18 Aug 2004 at 13:20, Matthew.van.Eerde at hbinc.com wrote:
> 
>>> This then breaks forwarding, one of the advantages of DomainKeys
>>> over SPF.
>> 
>> How so?  Email forwarding works, so long as the forwarding agent
>> (say, forwarder.example.com) signs the forwarded email with their
>> DomainKey. 
> 
> You haven't read the spec enough.  To do this, the forwarder would
> have to change the "From:" header.  Although this is benign, this is
> a type of forgery of the "From:" header, and forgery of the "From:"
> header is what DomainKeys is supposed to stop.

This is true with the spec as it stands.  But there are still ways
around this if you're willing to alter the spec.

For example, forwarding could be redefined to use
MAIL FROM: forwarding-agent at from-1.example.com
...
DATA
FROM: original-sender at from-2.example.com

Then DomainKeys could be redefined to use the MAIL FROM: sender as the
source of the DomainKeys lookup rather than the FROM: header.  People
worried about phishing can add an "ALERT - this was really from
forwarding-agent at from-1.example.com, and not necessarily from
original-sender at from-2.example.com" to the body (AFTER verifying the
DomainKey, of course.)

The problem with both SPF and DomainKeys specs as they stand is that
they tend to gloss over a lot of the messy details with a "there's
probably a way around this..."  A comprehensive solution does seem like
it could be worked out, though - it's not *that* difficult, just takes
a deal of thought and consultation with experts and open discussion and
raising of points and (etc...)  But the specs as they stand aren't
mature enough.

A solution *is* possible, even though the specs aren't (yet) it. 
Worst-case, everyone gets a PGP key, publishes the public key in DNS,
and signs all outgoing mail.  Then headers can be thrown around at
will.

Yes, I know that attachments aren't signed and the subject isn't signed
etc.  But the subject could be added to the message, so forgeries could
be caught.  And MD5 sums of the attachments could be included in the
signed portions of the message, so forgeries could be caught (etc.,
etc... yes, I know there have recently been MD5 collisions
discovered...)

Matthew.van.Eerde at hbinc.com                      805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
-----BEGIN PGP SIGNATURE-----
Comment: pub key http://matthew.vaneerde.com/pgp-public-key.asc

iD8DBQFBJNzmUQQr0VWaglwRArv/AJsEHjnZccS2cSdRtwc2XWsdddmZaACg50Hg
MNKuw/Eq1HVeNklLK1juS2E=
=BtYD
-----END PGP SIGNATURE-----
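The two schemes sketched in the post (looking the signing key up by the MAIL FROM domain rather than the From: header, and adding an ALERT line when the two differ; signing the Subject plus digests of the attachments so those forgeries are caught) can be mocked up end to end. The following is an added example and is not the poster's code, nor any DomainKeys or SPF reference implementation. It assumes a constructed in-memory key table standing in for keys published in DNS, an HMAC tag standing in for a public-key signature, SHA-256 in place of the MD5 the post mentions, and a made-up `X-Example-Signature` header.

```python
"""Forwarding-aware signing sketch: key lookup keyed on the envelope sender,
signed portion covers From, Subject, the text body and attachment digests.
All names, keys and messages here are constructed for the example."""
import hashlib
import hmac
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed stand-in for keys published in DNS (hypothetical, not real DNS).
KEY_STORE = {
    "from-2.example.com": b"key-for-original-sender",
    "from-1.example.com": b"key-for-forwarding-agent",
}
SIG_HEADER = "X-Example-Signature"   # hypothetical header name


def domain_of(addr: str) -> str:
    """Domain part of an address, lower-cased; '' if none."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def canonical_form(msg: EmailMessage) -> bytes:
    """Bytes that get signed: selected headers, body digest, attachment digests.
    Whitespace is normalised so a transit round-trip does not break the tag."""
    lines = [f"{h}: {(msg.get(h) or '').strip()}" for h in ("From", "Subject")]
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body is not None else ""
    lines.append("Body-SHA256: " + hashlib.sha256(text.encode()).hexdigest())
    for part in msg.iter_attachments():
        digest = hashlib.sha256(part.get_payload(decode=True)).hexdigest()
        lines.append(f"Attachment-SHA256: {part.get_filename()} {digest}")
    return "\n".join(lines).encode()


def sign(msg: EmailMessage, signer_domain: str) -> None:
    """Replace any existing tag with one made under signer_domain's key."""
    tag = hmac.new(KEY_STORE[signer_domain], canonical_form(msg), "sha256").hexdigest()
    del msg[SIG_HEADER]
    msg[SIG_HEADER] = f"d={signer_domain}; h={tag}"


def verify(msg: EmailMessage, envelope_sender: str) -> tuple:
    """Key lookup is keyed on the MAIL FROM domain, as the post proposes."""
    lookup_domain = domain_of(envelope_sender)
    sig = msg.get(SIG_HEADER)
    if not sig:
        return False, "no signature"
    fields = dict(kv.split("=", 1) for kv in "".join(sig.split()).split(";") if "=" in kv)
    if fields.get("d") != lookup_domain:
        return False, "signer domain does not match envelope sender"
    key = KEY_STORE.get(lookup_domain)
    if key is None:
        return False, "no key published for envelope sender domain"
    expected = hmac.new(key, canonical_form(msg), "sha256").hexdigest()
    if not hmac.compare_digest(expected, fields.get("h", "")):
        return False, "bad signature"
    return True, "ok"


def forwarding_alert(msg: EmailMessage, envelope_sender: str) -> str:
    """Text to add to the body (only after verify succeeded) when the envelope
    sender domain differs from the From: header domain."""
    env = parseaddr(envelope_sender)[1]
    hdr = parseaddr(msg.get("From", ""))[1]
    if domain_of(env) == domain_of(hdr):
        return ""
    return f"ALERT - this was really from {env}, and not necessarily from {hdr}"


def build_sample_message() -> EmailMessage:
    """Constructed sample: text body plus one attachment."""
    msg = EmailMessage()
    msg["From"] = "original-sender@from-2.example.com"
    msg["To"] = "recipient@example.net"
    msg["Subject"] = "Q3 report"
    msg.set_content("Please find the report attached.\n")
    msg.add_attachment(b"%PDF-1.4 constructed bytes", maintype="application",
                       subtype="octet-stream", filename="report.pdf")
    return msg


def transit(msg: EmailMessage) -> EmailMessage:
    """Serialise and re-parse, as the next MTA would see the message."""
    return message_from_string(msg.as_string(), policy=policy.default)


if __name__ == "__main__":
    m = build_sample_message()
    sign(m, "from-2.example.com")
    direct = transit(m)
    print("direct delivery:", verify(direct, "original-sender@from-2.example.com"))
    sign(direct, "from-1.example.com")          # forwarder re-signs under its own key
    fwd = transit(direct)
    print("forwarded:", verify(fwd, "forwarding-agent@from-1.example.com"))
    print(forwarding_alert(fwd, "forwarding-agent@from-1.example.com"))
    fwd.replace_header("Subject", "Urgent: wire transfer")
    print("subject tampered:", verify(fwd, "forwarding-agent@from-1.example.com"))
```

The forwarder never touches the From: header; it re-signs under its own domain and sends with its own MAIL FROM, so the receiver's lookup succeeds, and the mismatch between envelope and header domains is what triggers the ALERT text. Because Subject and the attachment digests sit inside the signed portion, altering either one fails verification.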