IETF Logo Mail Archive

Re: [Asrg] RMX and MUAs

Hadmut Danisch <hadmut@danisch.de> Wed, 07 May 2003 16:16 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA07147 for <asrg-archive@odin.ietf.org>; Wed, 7 May 2003 12:16:18 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h47GPKP31411 for asrg-archive@odin.ietf.org; Wed, 7 May 2003 12:25:20 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h47GPK831408 for <asrg-web-archive@optimus.ietf.org>; Wed, 7 May 2003 12:25:20 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA07110; Wed, 7 May 2003 12:15:47 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19DRc7-0002h3-00; Wed, 07 May 2003 12:17:51 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19DRc7-0002h0-00; Wed, 07 May 2003 12:17:51 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h47GJL831009; Wed, 7 May 2003 12:19:21 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h47GGn830869 for <asrg@optimus.ietf.org>; Wed, 7 May 2003 12:16:49 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA06891 for <asrg@ietf.org>; Wed, 7 May 2003 12:07:17 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19DRTs-0002cx-00 for asrg@ietf.org; Wed, 07 May 2003 12:09:20 -0400
Received: from sklave3.rackland.de ([213.133.101.23]) by ietf-mx with esmtp (Exim 4.12) id 19DRTs-0002cm-00 for asrg@ietf.org; Wed, 07 May 2003 12:09:20 -0400
Received: from sodom (uucp@localhost) by sklave3.rackland.de (8.12.9/8.12.9/Debian-1) with BSMTP id h47GA7rN009653 for asrg@ietf.org; Wed, 7 May 2003 18:10:07 +0200
Received: (from hadmut@localhost) by sodom.home.danisch.de (8.12.9/8.12.9/Debian-1) id h47G6Ve2011123 for asrg@ietf.org; Wed, 7 May 2003 18:06:31 +0200
From: Hadmut Danisch <hadmut@danisch.de>
To: asrg@ietf.org
Subject: Re: [Asrg] RMX and MUAs
Message-ID: <20030507160631.GA11071@danisch.de>
References: <20030507052628.GA2718@bok.har> <20030507081205.GC1597@danisch.de> <20030507144310.GA957@bok.har>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20030507144310.GA957@bok.har>
User-Agent: Mutt/1.4i
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Wed, 07 May 2003 18:06:31 +0200

On Wed, May 07, 2003 at 07:43:10AM -0700, Daniel Erat wrote:
> I understand why RMX is not able to examine RFC 822 headers.  My point
> was that RMX does nothing to curtail the sending of messages with
> forged 822 From: addresses.  Since this is the only sender address
> that most users see, and the address that replies go to (in absence of
> a Reply-To: or related header), I disagree with the assertion that
> this is not a severe problem.


Well, RMX could be used to verify the From: address as well.
Feel free to ask your MTA to do another RMX lookup after 
receiving the message body (and before sending the reply code).
If you like it, you can do it.

My point is not, that RMX would not be able to provide that
kind of security. It could. 

My point is that this kind of security is something you certainly
do not really want to have in some cases. But if you really want,
feel free to use it for the From: address.


Hadmut
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email