Re: [exim] support for domainkeys

Author: Exim User's Mailing List
Date:  
To: David Woodhouse
CC: Exim User's Mailing List
Subject: Re: [exim] support for domainkeys
[ On Monday, September 27, 2004 at 20:18:42 (+0100), David Woodhouse wrote: ]
> Subject: Re: [exim] support for domainkeys
>
> I suspect you're misunderstanding BATV. It most certainly doesn't need
> anyone else to implement it, or even to adapt to the fact that I have
> implemented it myself. The only person who needs to adapt is myself (and
> those users who have opted in to the scheme) -- by making sure I use
> SMTP AUTH and don't attempt to send MAIL FROM<dwmw2@???> from
> elsewhere.


No, I'm most certainly not misunderstanding BATV at all.

Even the draft RFC makes claims that are downright impossible.

The problem is not one of trying to identify legitimate bounces or
rejecting illegitimate bounces. It's almost always downright trivial to
identify forged bounces without having the help of BATV et al,
especially in the case of the average "joe-job" attack. And of course
if every legitimate user always used end-to-end message authentication
then everyone could easily and securely identify what few forged bounces
may still occur. ;-)


The problem is that millions and _millions_ of MTAs will generate bogus,
unnecessary bounces at the slightest provocation.

BATV, SPF, PRA, and all these other stupid schemes are solving the wrong
(and irrelevant) problem(s) and only make these attacks worse in some
ways.

The real problems involving forged sender addresses can only be solved
by replacing or fixing all that broken MTA software on _all_ those
millions upon millions of MTAs out there in the real world (or breaking
the fingers of every forger every time and once for every forged message :-).

As you know the SMTP envelope sender address is _nothing_ more than the
address to which NDR and DSN messages must be sent. It does not
really need anti-forgery protection IFF the _vast_ majority of all MTAs
in operation don't generate bogus unnecessary bounces. It does not even
have a defined or fixed relationship to the actual sender of a message.

It's downright trivial to identify most forged bounces without having
the help of BATV et al -- however without fixing/replacing _all_ the
broken MTA software out there it is literally impossible to fend off the
D.D.o.S. style attacks instigated by the unpreventable forgery of the
sender address in even the most basic mass-mail spammer campaign. BATV,
SPF, and PRA just make such attacks _worse_ (i.e. more effective for the
attacker), not better. All the connections still come in no matter what
you do, but if you use anything like BATV, SPF, PRA, or whatever then
you just waste more resources defending yourself against the
undefendable distributed nature of the attack.

-- 
                        Greg A. Woods


+1 416 218-0098                  VE3TCP            RoboHack <woods@???>
Planix, Inc. <woods@???>          Secrets of the Weird <woods@???>
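The BATV mechanism the two posts argue about, as an added illustration that is not part of either message: a simplified prvs-style tagged envelope sender (HMAC-SHA256 truncated to six hex digits, seven-day window) is generated when mail goes out and verified when a null-sender bounce comes back. The key, addresses and dates are constructed.

```python
"""Simplified BATV-style prvs tagging (constructed example, not Exim code)."""
import hmac
import hashlib
import re
from datetime import date

SITE_KEY = b"constructed-example-key"  # constructed secret; rotate via key_id
VALID_DAYS = 7  # window during which bounces to a tagged sender are accepted
# prvs=KDDDSSSSSS=local@domain: K = key id, DDD = expiry day mod 1000, S = MAC
PRVS_RE = re.compile(r"^prvs=(\d)(\d{3})([0-9a-f]{6})=(.+)$", re.IGNORECASE)

def _mac(key_id: int, expiry: int, addr: str, key: bytes) -> str:
    msg = f"{key_id}{expiry:03d}{addr.lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:6]

def tag_sender(addr: str, today: date, key: bytes = SITE_KEY, key_id: int = 0) -> str:
    """Envelope sender to use in MAIL FROM for mail sent today."""
    expiry = (today.toordinal() + VALID_DAYS) % 1000
    return f"prvs={key_id}{expiry:03d}{_mac(key_id, expiry, addr, key)}={addr}"

def check_bounce_rcpt(rcpt: str, today: date, key: bytes = SITE_KEY):
    """Decide at RCPT TO time whether a null-sender bounce may reach rcpt."""
    m = PRVS_RE.match(rcpt)
    if not m:
        return False, "untagged address: no mail was sent with this sender"
    key_id, expiry, mac, addr = int(m[1]), int(m[2]), m[3].lower(), m[4]
    if not hmac.compare_digest(_mac(key_id, expiry, addr, key), mac):
        return False, "tag does not verify: forged or tampered"
    if (expiry - today.toordinal() % 1000) % 1000 > VALID_DAYS:
        return False, "tag outside its validity window"
    return True, f"legitimate bounce for {addr}"

def demo() -> dict:
    """Walk one tagged sender through the checks (constructed dates)."""
    sent = date(2004, 9, 27)
    tagged = tag_sender("user@example.org", sent)
    forged = tagged[:9] + ("0" if tagged[9] != "0" else "1") + tagged[10:]
    return {
        "tagged": tagged,
        "valid": check_bounce_rcpt(tagged, date(2004, 10, 3))[0],
        "expired": check_bounce_rcpt(tagged, date(2004, 10, 5))[0],
        "untagged": check_bounce_rcpt("user@example.org", sent)[0],
        "forged": check_bounce_rcpt(forged, sent)[0],
    }
```

As the reply above argues, this only refuses the forged bounce at RCPT TO, after the connection has already been accepted and its resources spent.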