
Re: Source routing -- why not?



On Tue, 30 Nov 2004, Alex van den Bogaerdt wrote:
> On Tue, Nov 30, 2004 at 10:43:40AM +0000, Tony Finch wrote:
>
> > > After further deliberation about source routing and SPF, I have come
> > > around to the conclusion that Frank is to some degree right, and if
> > > you want to use SPF/Sender-ID, you should use source routes.
> >
> > Source routes require all mail servers to be open relays.
>
> Why?

Source routes don't record the relationship between a@a, b@b, and c@c. In
your scenario the message to c@c would start MAIL FROM:<@b:a@a>. A spammer
who knows that b is a forwarding host can then spam anyone by sending MAIL
FROM:<> RCPT TO:<@b:victim@target>.

This is why SRS has all the cryptography, in order to provide a secure
replacement for the obsolete and unimplemented RFC821 forward and reverse
paths.

Tony.
-- 
f.a.n.finch  <dot@xxxxxxxx>  http://dotat.at/
MALIN HEBRIDES: NORTHEAST 4 OR 5 INCREASING 6. RAIN LATER. GOOD BECOMING
MODERATE.
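
Added example, not part of the original message: a minimal Python sketch of the contrast drawn above, with an RFC 821 source route that names its next hop on trust beside an SRS0-style return path whose fields are bound by an HMAC. The scheme is simplified and not wire-compatible with real SRS implementations; the host name `b.example`, the key, and the fixed timestamp are constructed, and timestamp expiry is left out.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # assumption: key known only to the forwarder
FORWARDER = "b.example"               # hypothetical name for forwarding host "b"

def _tag(timestamp: str, domain: str, local: str) -> str:
    """Short HMAC over the fields an SRS0-style address carries."""
    msg = "=".join((timestamp, domain, local)).lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()[:4]

def srs_forward(sender: str, timestamp: str = "AB") -> str:
    """Rewrite a@a into a return path owned and signed by the forwarder."""
    local, domain = sender.rsplit("@", 1)
    tag = _tag(timestamp, domain, local)
    return f"SRS0={tag}={timestamp}={domain}={local}@{FORWARDER}"

def srs_reverse(rcpt: str):
    """Return the original sender if the tag verifies, else None (reject)."""
    local, _, host = rcpt.rpartition("@")
    parts = local.split("=", 4)
    if host.lower() != FORWARDER or len(parts) != 5 or parts[0].upper() != "SRS0":
        return None
    _, tag, timestamp, domain, orig_local = parts
    if not hmac.compare_digest(tag, _tag(timestamp, domain, orig_local)):
        return None   # address was not minted by this forwarder
    return f"{orig_local}@{domain}"

def source_route_next_hop(path: str):
    """RFC 821 route '@b:user@dom': the relay target is taken on trust."""
    route, _, mailbox = path.partition(":")
    if route.lstrip("@").lower() == FORWARDER and "@" in mailbox:
        return mailbox   # nothing ties this mailbox to mail b ever forwarded
    return None
```
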