Re: [exim] EBL: blacklist for email addresses in Reply-To an…

Author: Jan Ingvoldstad
Date:
To: exim users
Subject: Re: [exim] EBL: blacklist for email addresses in Reply-To and message bodies
On Wed, Jun 28, 2017 at 9:27 PM, Phil Pennock <pdp@???> wrote:
> There could stand to be some privacy implications discussion too --
> you're sending out, over the wire in unencrypted DNS packets, a
> predictable derivation of the Reply-To: header received for every email
> from a given domain. Using a cryptographic checksum protects against
> casual snoopers knowing, but does not protect against those with a
> dictionary of email addresses generating a reverse map and using that
> for lookups, so undermines a chunk of the TLS-by-default work going on
> by leaking metadata. Usual RBLs only leak that there was communication
> from an IP, which a network traffic sniffer could see anyway.
Although SHA-1 is known to be weak, it's still a bit of work to brute
force it for a busy mailserver, but for a server that only sees
occasional traffic, there is legitimate concern.

SHA-256 would be nice.

Perhaps we (FSVO "we") should draft a proposal to the MSBL about using
SHA-256 instead?

--
Jan
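The lookup construction and the dictionary reverse map discussed above, as an added example that is not part of the thread or of Exim or the MSBL. It assumes the published EBL convention (lowercase the address, hex-encode the digest, prepend it as one label to the list zone) and a zone name of ebl.msbl.org; it is parameterised on the digest so the SHA-256 variant can be tried alongside SHA-1, and it performs no real DNS query.

```python
"""Added example (not from the thread): how an EBL-style hashed lookup
name is built, and how an observer of cleartext DNS who holds a
dictionary of addresses can reverse it.

Assumptions: zone name and label construction follow the EBL convention
as the author of this example understands it; no DNS traffic is sent."""
import hashlib

EBL_ZONE = "ebl.msbl.org"  # assumption: the list zone; not queried here


def normalize(address: str) -> str:
    """Canonical form hashed by the client: trimmed and lowercased."""
    return address.strip().lower()


def hashed_label(address: str, algo: str = "sha1") -> str:
    """Hex digest of the normalized address: the label a snooper sees."""
    return hashlib.new(algo, normalize(address).encode("utf-8")).hexdigest()


def ebl_query_name(address: str, algo: str = "sha1", zone: str = EBL_ZONE) -> str:
    """Full DNS name the MTA would resolve for a given Reply-To address."""
    return f"{hashed_label(address, algo)}.{zone}"


def build_reverse_map(dictionary, algo: str = "sha1") -> dict:
    """Precompute label -> address once for every candidate address.
    The digest is unsalted and the input predictable, so this costs one
    hash per dictionary entry for whichever algorithm the list uses."""
    return {hashed_label(a, algo): normalize(a) for a in dictionary}


def reverse_sniffed_query(qname: str, reverse_map: dict, zone: str = EBL_ZONE):
    """Given a query name observed in cleartext DNS, return the address
    whose hash was looked up if it is in the map, otherwise None."""
    suffix = "." + zone
    if not qname.endswith(suffix):
        return None
    return reverse_map.get(qname[: -len(suffix)])


if __name__ == "__main__":
    # Constructed sample addresses; not a real dictionary.
    candidates = ["alice@example.com", "bob@example.org", "carol@example.net"]
    for algo in ("sha1", "sha256"):
        rmap = build_reverse_map(candidates, algo)
        seen = ebl_query_name("Bob@Example.org", algo)  # what a sniffer captures
        print(algo, seen, "->", reverse_sniffed_query(seen, rmap))
```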