Full Disclosure mailing list archives
RE: Improving E-mail security...
From: Leif Sawyer <lsawyer () gci com>
Date: Tue, 26 Aug 2003 15:54:26 -0800
Bengt Ruusunen writes:
Hello, As everybody knows that recent viruses spread via sending spoofed 'sender address'. fex. I am a person 'someone () someone com' and got so called 'return mail' from 'someone () receiving organisation com' telling that mail sent by me (which I never sent in a first place) cannot be delivered. Obviously containg somekind malware as an attachment. [...] - E-mail receiving server could check that 'very first original' From: line and if it is same than the receiver address ie. 'someone () someone com' Perform an check to see if the 'sender identification' ie. salted public key, GUID or something (X-Authenticated-Guid: #0a845d299ca340087140) exists in mail header. Delivery should be done only if an 'sender identification' exist and the key matches.
What about mail MUA/servers which silently drop your optional X-Authenticated-Guid: header? You would be trashing every mail from those clients. Now if you used this in tandem with a spam filter software like SpamAssassin, you could use it to re-weight the probability of the response.
Attachment:
smime.p7s
Description:
Current thread:
- Improving E-mail security... Bengt Ruusunen (Aug 26)
- Re: [LONG] Improving E-mail security... lceone () comcast net (Aug 26)
- Re: [LONG] Improving E-mail security... Ron DuFresne (Aug 27)
- Re: [LONG] Improving E-mail security... Valdis . Kletnieks (Aug 27)
- <Possible follow-ups>
- RE: Improving E-mail security... Leif Sawyer (Aug 26)
- RE: Improving E-mail security... Eric Wagner (Aug 27)
- Re: Improving E-mail security... I.R.van Dongen (Aug 27)
- Re: [LONG] Improving E-mail security... lceone () comcast net (Aug 26)