Printable version |
Here are some significant issues with any designated sender (DS) scheme that attempts to list the valid IP addresses that can send mail for a domain. Problem: Some domains are more appropriate for DS than others. Many businesses by policy send all mail from their home network, but ISPs with home users may or may not, particularly if users have multiple accounts, and forwarding services (see below) expect all mail to be sent from other networks. Band-aid: none obvious, not a technical problem. Analysis: Domains don't have to publish DS data, but there's a risk that if DS were widely accepted, domains without it would be considered second class mail senders. Problem: The envelope address bears no relationship to the From: address, so bad guys can circumvent DS by using either a real envelope address of the (probably hijacked) sending host or one in a domain with no or poor DS data. Band-aid: None obvious, forcing envelope to match From: would break vast amounts of existing mailing list software. Analysis: This is the greatest failure of DS. Problem: Users of forwarding systems such as pobox.com and ieee.org send lots of mail from fixed locations unrelated to the domain. Band-aid: (a) Use the envelope of actual sender address, or (b) forwarders publish DS data saying mail can be sent from anywhere. Analysis: Band-aid (a) has security issues and may be hard to implement on networks where user IDs are not tied to IP or SMTP AUTH. Band-aid (b) gives a free pass to spammers. Major failure. Problem: Forwarding systems such as pobox.com and ieee.org forward incoming mail onrward with the original envelope. Band-aid: (a) forwarding systems publish special data saying that they are virtuous liars, or (b) forwarders wrap original envelope in their own, e.g., al@a.com -> bo@b.com rewritten as bo-al=a.com@b.com when forwarded so that it both shows the forwarder's address and can forward bounces back if need be. Analysis: Band-aid (a) is hard to manage, since it needs manual decisions whose virtue you trust. Band-aid (b) works OK, I've done it. Forwarding systems are relatively easy to deal with if you trust them only to forward on verified request of recipient as most now do. Problem: Newspaper and greeting card web sites have forms to mail messages to your friends with your own return address. Internet kiosks that send mail also might do so. Band-aid: (a-b) same as forwarding systems above, (c) always use sending system's own envelope return address. Analysis: It's Harder to manage (a) since these systems typically permit anyone to use them, and depend on rate limiting or site sluggishness to prevent use for mailbombing and spam. Band-aids (b) and (c) probably would work OK. |