Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Intel.com Mailing List Arbitrary Address Removal Link
From: Todd Underwood <todd () osogrande com>
Date: Thu, 7 Feb 2002 14:00:36 -0700 (MST)

joel, all,

On Wed, 6 Feb 2002, Joel Maslak wrote:
The fix for this requires sophisticated bounce tracking software.  The
only real way to fix this problem is to send each recipient a message with
a custom-encoded FROM envelope address, such as:
      bounce-<user-id>-<security-key>@example.com
Where the user-id is some sort of database identifyer and the security key
is simply a random number kept in the database to prevent malicious
activity (it could also be some sort of cryptographic code).  When the
example.com mail server receives a message to bounce-xxx-yyy () example com,
it checks the security key, verifies that the bounce is a permanent
bounce, and deletes the user.

it's worth noting that this is a succinct description of VERP (variable 
envelope return path), something used by ezmlm and qmail to accomplish 
exactly this--make it difficult to forge a bounce and easy to determine 
true per-recipient bounces.  VERP makes handling large mailing lists 
trivial and significantly reduces this security problem.

see http://www.lifewithqmail.org/lwq.html#verp for a good description.

-- 
todd underwood, vp & cto
oso grande technologies, inc.
todd () osogrande com

"Those who give up essential liberties for temporary safety deserve
neither liberty nor safety." - Benjamin Franklin


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault