Full Disclosure
mailing list archives
RE: Improving E-mail security...
From: Leif Sawyer <lsawyer () gci com>
Date: Tue, 26 Aug 2003 15:54:26 -0800
Bengt Ruusunen writes:
> Hello,
> As everybody knows, recent viruses spread via sending
> spoofed 'sender address'.
> For example:
> I am a person 'someone () someone com' and got a so-called 'return
> mail' from 'someone () receiving organisation com' telling that mail
> sent by me (which I never sent in the first place) cannot be delivered.
> Obviously containing some kind of malware as an attachment.
> [...]
> - E-mail receiving server could check that 'very first original'
> From: line and if it is the same as the receiver address, i.e.
> 'someone () someone com'
> Perform a check to see if the 'sender identification', i.e.
> salted public key, GUID or something (X-Authenticated-Guid:
> #0a845d299ca340087140) exists in mail header.
> Delivery should be done only if a 'sender identification'
> exists and the key matches.

What about mail MUA/servers which silently drop your optional
X-Authenticated-Guid: header? You would be trashing every
mail from those clients.
Now if you used this in tandem with a spam filter software
like SpamAssassin, you could use it to re-weight the probability
of the response.
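
The difference between the two policies discussed in this message, as an added example that is not code from either poster: a hard "deliver only if the header matches" rule against a score adjustment in the style of a spam filter. The HMAC-based token format, the `SENDER_KEYS` registry, the score deltas and the sample messages are assumptions constructed for illustration.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

# Assumption: each sender has a secret known to the receiving server (hypothetical registry).
SENDER_KEYS = {"someone@someone.example": b"constructed-demo-secret"}
REQUIRED_SCORE = 5.0  # SpamAssassin's default required_score
# Hypothetical score adjustments; a missing header is neutral, not a reject.
DELTA = {"match": -2.0, "missing": 0.0, "mismatch": 3.0, "unknown-sender": 0.0}

def expected_guid(sender):
    """Constructed token format: '#' + 20 hex chars of HMAC-SHA256(key, sender)."""
    key = SENDER_KEYS.get(sender)
    if key is None:
        return None
    return "#" + hmac.new(key, sender.encode(), hashlib.sha256).hexdigest()[:20]

def guid_state(raw):
    """Classify a raw message as match / missing / mismatch / unknown-sender."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    want = expected_guid(sender)
    got = msg.get("X-Authenticated-Guid")
    if want is None:
        return "unknown-sender"
    if got is None:
        return "missing"
    got_b = got.strip().encode("ascii", "replace")
    return "match" if hmac.compare_digest(got_b, want.encode()) else "mismatch"

def hard_policy_delivers(raw):
    """Deliver only when the header exists and matches."""
    return guid_state(raw) == "match"

def is_spam_reweighted(raw, base_score):
    """Adjust the filter's own score instead of rejecting outright."""
    return base_score + DELTA[guid_state(raw)] >= REQUIRED_SCORE

def sample(guid=None):
    """Constructed test message; guid=None simulates a relay that dropped the header."""
    hdr = f"X-Authenticated-Guid: {guid}\n" if guid else ""
    return f"From: Someone <someone@someone.example>\n{hdr}Subject: hi\n\nbody\n"

GOOD = sample(expected_guid("someone@someone.example"))
STRIPPED = sample()                       # legitimate mail, header lost in transit
FORGED = sample("#0a845d299ca340087140")  # spoofed From: with a GUID that does not verify
```

With these samples the hard policy refuses `STRIPPED` even though it is legitimate, while the re-weighted policy still delivers it at a low base score and only pushes `FORGED` over the threshold.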