Re: Alternative mail systems (was: AW: Spamhaus PBL)



Dear list!

On Monday 15 January 2007 10:49, Otmar Lendl wrote:
> [A]s has also been shown with SPF &
> co.: changing something fundamental here is seriously
> hard. (Because: anyone who only accepts mail via the "new method"
> shuts themselves off from all possibly important mail partners
> who have not yet switched over.)
>
> Reaching the tipping point here will not be easy.

Recently the first (forwarded) mails were rejected at my end because of
SPF "violations" [1]. I then looked around a bit for SRS
implementations and found a nice article:

"Reverse-Path Rewriting (aka Sender Rewriting Scheme) in Exim 4"
http://www.infradead.org/rpr.html

> SRS on its own, however, does look like a potential solution to the
> original problem which SPF tries to solve; the problem of faked senders in
> MAIL FROM:.
>
> [...] Since there is never any valid mail sent from those addresses, they
> are configured never to accept bounces. [...]
>
> This also means that third parties implementing sender verification
> callouts, to check that a bounce would be accepted to the address from
> which the mail they're being offered claims to come, will find that a
> bounce would not be accepted, and will therefore refuse to accept the mail
> with those addresses faked as the sender.
>
> By using SRS, it's possible to protect even a current, valid email address
> in this fashion. I can use SRS on all my outgoing mail such that I no
> longer send mail with, for example, 'dwmw2@infradead.org' as its SMTP
> reverse-path. Then when all machines are updated to do SMTP AUTH via the
> SRS-capable servers, I can start to reject bounces to that address.

Since the hash in an SRS MAIL FROM: contains a verifiable, unforgeable
secret, a mail marked in this way can also be forwarded normally,
since callouts go to the correct MX.

What do you think of it?


Kind regards, David

[1] Hello eunet, hello utanet!
-- 
As a general rule, if end users want to smash something repeatedly with a 
sledgehammer, that's a sign of bad UI.
        -- Bram Cohen (bittorrent)
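
The point made in the mail above, that the hash in an SRS reverse-path can be verified but not forged, sketched as an added example that is not part of the original post or of the linked article. It is a simplified SRS0-style scheme, not wire-compatible with libsrs2 or with the Exim configuration the article describes; the secret, the domain names and the validity window are assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: per-site key known only to the forwarder
FORWARDER = "forwarder.example"      # assumption: domain whose MX receives the bounces
MAX_AGE_DAYS = 21                    # assumption: how long a rewritten address stays valid
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def _stamp(day):
    """Two base32 characters encoding the day number modulo 1024."""
    day %= 1024
    return B32[day >> 5] + B32[day & 31]

def _tag(stamp, domain, local):
    """Truncated HMAC over the fields an attacker would have to forge."""
    msg = f"{stamp}={domain.lower()}={local}".encode()
    return hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:8]

def rewrite(sender, day):
    """Forwarder side: wrap the original reverse-path in a signed address."""
    local, domain = sender.rsplit("@", 1)
    stamp = _stamp(day)
    return f"SRS0={_tag(stamp, domain, local)}={stamp}={domain}={local}@{FORWARDER}"

def check_bounce(rcpt, today):
    """Bounce/callout side: return the original sender, or None to reject."""
    local_part, _, host = rcpt.rpartition("@")
    if host.lower() != FORWARDER or not local_part.upper().startswith("SRS0="):
        return None
    fields = local_part[5:].split("=", 3)  # the original local part may contain '='
    if len(fields) != 4:
        return None
    tag, stamp, domain, local = fields
    stamp = stamp.upper()
    if len(stamp) != 2 or any(c not in B32 for c in stamp):
        return None
    expected = _tag(stamp, domain, local)
    if not hmac.compare_digest(tag.lower().encode(), expected.encode()):
        return None  # forged or altered address
    issued = B32.index(stamp[0]) * 32 + B32.index(stamp[1])
    if (today - issued) % 1024 > MAX_AGE_DAYS:
        return None  # expired: old addresses cannot be replayed forever
    return f"{local}@{domain}"

if __name__ == "__main__":
    today = int(time.time() // 86400)
    addr = rewrite("alice@sender.example", today)  # constructed sample sender
    print(addr, "->", check_bounce(addr, today))
```

Because the rewritten address is in the forwarder's own domain, an SPF check or sender-verification callout is made against the forwarder's MX, which can answer from the tag alone without keeping per-message state.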