[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] mail security

To: Alessandro Vesely <vesely at tana.it>
Subject: Re: [Asrg] mail security
From: John Leslie <john at jlc.net>
Date: Wed, 21 Jan 2009 12:27:56 -0500
Cc: Anti-Spam Research Group - IRTF <asrg at irtf.org>
Delivered-to: ietfarch-asrg-archive at core3.amsl.com
Delivered-to: asrg at core3.amsl.com
In-reply-to: <497747B8.5030206 at tana.it>
List-archive: <http://www.irtf.org/pipermail/asrg>
List-help: <mailto:asrg-request@irtf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-post: <mailto:asrg@irtf.org>
List-subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
List-unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
References: <C1A3AC106E91AB28E2226803 at lewes.staff.uscs.susx.ac.uk> <20090120145354.57509.qmail at simone.iecc.com> <20090120155005.GJ24908 at verdi> <497747B8.5030206 at tana.it>
Reply-to: Anti-Spam Research Group - IRTF <asrg at irtf.org>
Sender: asrg-bounces at irtf.org
User-agent: Mutt/1.4.1i

   I was intentionally vague...

   However, there are a limited number of ways that forwarding might be
shown in the trace headers, so it should be practical to determine that
a forwarding is documented (though possibly forged).

   We then have a quite different situation from what raw SPF processing
would indicate. Thus I claim the rules deserve to be relaxed (without
going into detail how).

   Forging headers to indicate forwarding which didn't happen indicates
evil intent, and should be practical to block-list like other spamming
IPs. Well-known forwarders could be whitelisted, enabling us to trust
their pre-forwarding headers. Et cetera...

>> And I see promise in the use of the pending Authentication-Results
>> header (though I must agree with Doug Otis that it would be stronger
>> if it included the IP address).
> 
> Hm... the header's name suggests it is reporting already acquired 
> results, as had been noted. I'm surprised Doug didn't propose an 
> additional test more in tune with that spirit, e.g.
> 
>    Authentication-Results: example.com;
>      dnsbl=pass zone=zen.spamhaus.org address=192.0.2.3

   I'll let Doug speak for himself. I didn't propose such a thing
because I believe arguing over extensions would detract from getting
the basic header adopted.

   (I do believe that adding a resinfo listing the IP address is a
practical way to deal with SPF's choice to omit it from their resinfo.)

--
John Leslie <john at jlc.net>
_______________________________________________
Asrg mailing list
Asrg at irtf.org
http://www.irtf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] mail security
  - From: Ian Eiloart

References:
- Re: [Asrg] where the message originated (was: DKIM role?) (SM)
  - From: Ian Eiloart
- Re: [Asrg] mail security
  - From: John Levine
- Re: [Asrg] mail security
  - From: John Leslie
- Re: [Asrg] mail security
  - From: Alessandro Vesely

Prev by Date: Re: [Asrg] where the message originated (was: DKIM role?) (SM)
Next by Date: [Asrg] DK & DKIM (was Re: SPF, was where the message)
Previous by thread: Re: [Asrg] mail security
Next by thread: Re: [Asrg] mail security
Index(es):
- Date
- Thread