On Wed, Oct 15, 2003 at 02:53:01PM +0200, Brad Knowles wrote:
> At 1:41 PM +0200 2003/10/15, hadmut@danisch.de wrote:
>> I see. Would you mind if I use "From: bortzmeyer@nic.fr" when I am at home?
> You can use whatever you want. There's nothing anyone can do to stop you. Moreover, the header "From:" is totally unrelated to the envelope sender address, and there's nothing in your proposal, or any similar proposal, that could successfully keep clever people from doing this sort of stuff anyway.
Two replies:

- So why is Stephane complaining that these proposals would break his ability to use "From: bortzmeyer@nic.fr"? In fact, none of the proposals would stop him from doing so, but since he complained about this emotionally, I tried to pick up his argument the same way. People should read and understand a draft before attacking it.

- The proposals are not intended to stop anyone from forging the From: line, for several technical reasons; they are intended to stop forging the envelope sender address. There are very good reasons to do it this way, especially the different semantics of those addresses. The From: line specifies the author of the mail, the envelope address specifies the initiator of the transport. These addresses are not necessarily the same in reality. In many cases they can differ legally, e.g. for list processors, forwarding, bouncing, ... However, if such a mail turns out to be forged (i.e. it has not been written by the sender specified in the From: line) or is any kind of fraud, worm, virus, ... then it needs to be tracked back to where it came from to identify the _sender_. There is no technical way to verify the author, except for cryptographic signatures, which are undeployable on a worldwide scale. But there is a way to do a lightweight verification of the sender of the message by checking the authorization. That's what RMX and the RMX-like proposals do.

You need to understand the technical, legal and semantic difference between sender and author. Otherwise you're lost.
> Of course, keep in mind that recent viruses have used legitimate local e-mail addresses to send copies of themselves to people in that person's address book. You certainly shouldn't be able to prevent him from being able to use "From: bortzmeyer@nic.fr" when it's his own machine sending mail from his own MUA, assuming he were vulnerable to this sort of thing.
That's a very bad argument.

- Even if he is the owner of his machine, this does not automatically mean that he is the owner of this particular domain or address. That's how emotions work, but security does not work this way. Being authorized to use a particular address has nothing to do with whether someone is the owner of a particular computer. I am right now using a computer to write this e-mail which I don't own. So what? To invent e-mail security, there must be a technical difference between those who are authorized to use an address and those who are not. This difference must be detectable by receivers. That's how security works. Would you prefer to ask every sender of an e-mail message whether he can show a purchase receipt for the computer to prove that he is the legitimate owner? Think about it. The being-the-owner-of-the-machine argument is nonsense.

- If the virus needs to use a legitimate address, then any error messages of the virus filter will be sent back to the person responsible for that machine, and the machine can be fixed or taken offline. This is not possible if the error messages are sent to the wrong address.

- I and many other people are currently drowning in error messages from relays which received worm messages with my/their domain as a sender address. This is a much bigger problem than the worms themselves. RMX will stop this immediately.

Hadmut
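Added example, not part of the thread and not code from the RMX draft: a minimal RMX-style authorization check of the kind both messages above describe, showing that the verdict depends only on the SMTP envelope sender (MAIL FROM) and the connecting IP, while the From: header is never consulted, and that a forged envelope sender fails before any bounce is generated. The in-memory table standing in for the published DNS records, the record format, the domains and the IP addresses are all assumptions for this illustration (the draft's own RMX record syntax is not reproduced).

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for the DNS records an RMX-style scheme would publish:
# domain -> networks authorized to use that domain as SMTP envelope sender.
# The table, its format and the domains in it are assumptions for this example.
AUTHORIZED_NETWORKS = {
    "example.net": [ipaddress.ip_network("192.0.2.0/24")],
    "example.org": [ipaddress.ip_network("198.51.100.10/32"),
                    ipaddress.ip_network("2001:db8::/32")],
}


def sender_domain(envelope_sender):
    """Domain part of a MAIL FROM address, normalized; '' for the null sender <>."""
    addr = envelope_sender.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    if not addr or "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def rmx_check(envelope_sender, client_ip, table=AUTHORIZED_NETWORKS):
    """Authorization check on the *envelope* sender only.

    Returns (verdict, reason) with verdict in {'pass', 'fail', 'none'}:
      pass  - client_ip lies inside a network the domain publishes for itself
      fail  - the domain publishes networks and client_ip is in none of them
      none  - nothing to check: null sender (a bounce) or no record published
    """
    domain = sender_domain(envelope_sender)
    if not domain:
        return "none", "null sender, no domain to check"
    networks = table.get(domain)
    if networks is None:
        return "none", f"no record published for {domain}"
    ip = ipaddress.ip_address(client_ip)
    for net in networks:
        if ip.version == net.version and ip in net:
            return "pass", f"{ip} authorized for {domain} by {net}"
    return "fail", f"{ip} not authorized for {domain}"


def classify(mail_from, client_ip, raw_message):
    """Pair the envelope verdict with the message's From: header.

    The From: header is parsed for display only; it plays no part in the verdict,
    which is the point of checking the sender rather than the author.
    """
    msg = message_from_string(raw_message)
    _, header_from = parseaddr(msg.get("From", ""))
    verdict, reason = rmx_check(mail_from, client_ip)
    return {"envelope_sender": mail_from, "header_from": header_from,
            "verdict": verdict, "reason": reason}


# Constructed messages; addresses and IPs are documentation values, not real hosts.
HOME_MAIL = "From: bortzmeyer@nic.fr\nTo: list@example.org\nSubject: test\n\nhello\n"
WORM_MAIL = "From: user@example.net\nTo: victim@example.org\nSubject: hi\n\npayload\n"

if __name__ == "__main__":
    # Legitimate sender with an arbitrary From: line: envelope passes regardless.
    print(classify("<hadmut@example.net>", "192.0.2.25", HOME_MAIL))
    # Worm forging example.net as envelope sender from an unrelated host: fails,
    # so the receiver can reject at SMTP time instead of bouncing to example.net.
    print(classify("<user@example.net>", "203.0.113.7", WORM_MAIL))
    # Null sender (a bounce): this scheme has no domain to check.
    print(classify("<>", "203.0.113.7", WORM_MAIL))
```

Note what the check does not do: a sender inside an authorized network can still put any From: line in the message, exactly as the thread says, and a domain that publishes no record yields "none", not "fail", so the receiver learns nothing about it either way.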