Re: [opensuse] Re: Email Security question: Hijacked email !!! was: Vista

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greg Freemyer wrote:
On Mon, Aug 11, 2008 at 8:07 AM, Joachim Schrod <jschrod@xxxxxxx> wrote:
Alexey Eremenko wrote:

<snip>

I have multiple email domains that I use for different purposes. Company,
open source activities, several project-specific ones, private, also even a
googlemail.com that I rarely use. (Please note: not different mboxes in one
domain, but different *domains*.)

When I send email, I do so all the time from my own workstation, using my
own mail server, and -- of course, using all those domain names, as the
context requires. So, of course it might happen that a valid email from
acm.org or googlemail.com did is not sent by their respective mail servers.



Joachim

I don't know how the other anti-spoofing tools work, but with SPF you
would be required to add a DNS entry to each of the domains to show
your outbound SMTP server.

Currently if (via your smtp server) you send an email with a from
address of gmail.com to a SPF enabled recipient, your email should be
ignored as invalid.

The SPF way of doing things is do one of the below:
1) Register your outbound smtp server via DNS as an authorized domain
email originator.
2) Configure your email client to use one of the authorized smtp
originators for that domain. ie. if for a particular email your from
address is gmail.com, then you need to use smtp.gmail.com (or whatever
it is) as the smtp server for that specific email.

I don't know if email clients are allowing you to configure an
outbound smtp server based on the from fields yet or not. For SPF to
be fully useful, you will need that feature.

Greg

I tend to be with Joachim with this one, however I would like add this
is IMHO a complex solution to a non-problem. Sending messages as someone
else has been around since the first clay tablet was sent (thrown) from
A to B, and measures to indicate that A is really A have been around
since soon after then. It is called a signature (or seal)... in the case
of e-Mail this thing can be digital in nature (and a lot harder to copy
than the manual signature or physical seal).

Possibly the simplest and most elegant solution would be for the mail
server to validate the signature of the sender if you really needed to
filter at the server, rather than adding a dodgy DNS hack, or the more
complex DKIM mechanism. Then it becomes a matter of individual rather
than collective responsibility.

I suspect that the logic behind this is more about getting to people to
use centralised commercial mail services than any real enhancement to
peoples email security.

- --
==============================================================================
I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true. I no longer know how to use my telephone.

Bjarne Stroustrup
==============================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iEYEARECAAYFAkij8NEACgkQasN0sSnLmgI2DwCgkb6nvh3usd0cWR7Zi1jMpA4N
wD8An2BMYdsUlXW1Ep4M1uqBJCmiIW1N
=VUSF
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

Relevant Pages

  • Re: SPF record question
    ... >> have to come from a mail server that is valid to receive ... >> not only enforce SPF, they should shut down open relay ... > So from my laptop I can send mail using my smtp server ... I simply don't know which subnet to add in the ...
    (microsoft.public.windows.server.dns)
  • Re: Ask EU mail sending message
    ... Could somerat tell me which bit of my system I should be looking at in response to the following, which I get when I try to send mail: ... The mail server responded: REJ-RELAY-001: relay not permitted. ... You are trying to use an SMTP server which is not owned by the ISP you're currently connected to - this has been blocked for decades to stop spammers sending mail via other companies' mail servers. ... your mail client is still configured to the SMTP server of your UK ISP - you need to change it for the one provided by your French ISP. ...
    (uk.media.radio.archers)
  • Re: Fixed but no idea why.
    ... mail server fine now that my SMTP server has a different name? ... appears on the right-hand side of e-mails generated by your systems. ... latter option, while not encouraged, will work because the SMTP RFCs ...
    (microsoft.public.inetserver.iis.smtp_nntp)
  • Re: Help
    ... >> I can send and receive emails using Outlook Express ... > All you can do is check the documentation of your SMTP server if you ... but the issue is the same no matter what mail server: ... Microsoft Windows MVP - Windows Server - Directory Services Security Is Like An Onion, ...
    (microsoft.public.windows.server.dns)
  • Re: Mobile User issue with SMTP Server
    ... mail from a foreign network if the user authenticates to the SMTP server? ... ideally you want everyone to point to that "home office ISP" whether they ... If I set the satellite office's SMTP mail server to the ...
    (microsoft.public.outlook.general)