Full Disclosure mailing list archives

Re: Improving E-mail security...


From: "I.R.van Dongen" <vdongen () hetisw nl>
Date: Wed, 27 Aug 2003 11:25:51 +0200

Current situation of my organisation:

3 mx servers (of which one is actually at our location)
12 smtp-relay servers on completely different netblocks.

In your opinion, there should be 12 public keys stored for just our 1 domain?

Not to mention 3 public keys for our 3 mxs.

Our situation is not uncommon, most organisations don't have just one office network.

Besides the fact that someone has to store the keys on a central server, which can:
1) be hacked, which has the effect that mail cannot be sent
2) be exploited by the 3rd party trustee to make a lot of money (you want your mail to be sent?)
3) be DDoS'ed by kiddies to prevent all mail from being sent.

- E-mail receiving server could check that 'very first original' From: line 
and if it is the same as the receiver address ie. 'someone () someone com'

Perform a check to see if the 'sender identification' ie. salted public 
key, GUID or something (X-Authenticated-Guid: #0a845d299ca340087140) exists 
in mail header.

Without a challenge system, I can simply copy the Guid from any mail.


Delivery should be done only if a 'sender identification' exists and the key
matches.

Otherwise mail should be trashed to dev/null :)

Waiting for comments and suggestions...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
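
The replay point made in the reply above, as an added example that is not part of the original post: a receiver that only matches a static `X-Authenticated-Guid` header accepts any copied header, while a per-delivery challenge rejects a reused response. The HMAC shared key, the domain tables and all function names are assumptions made for this sketch (the thread discusses public keys; HMAC is swapped in to keep it standard-library only).

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the GUID is the one quoted in the thread; the
# shared key and the per-domain tables are hypothetical.
KNOWN_GUIDS = {"someone.com": "0a845d299ca340087140"}
SENDER_KEYS = {"someone.com": b"constructed-demo-key"}


def static_guid_check(domain, headers):
    """Scheme from the thread: accept if the header GUID equals the stored one."""
    expected = KNOWN_GUIDS.get(domain)
    guid = headers.get("X-Authenticated-Guid", "").lstrip("#")
    return expected is not None and hmac.compare_digest(guid, expected)


def sign(key, nonce, body):
    """Sender side: bind the response to this nonce and this message body."""
    msg = nonce.encode() + b"\n" + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ChallengeVerifier:
    """Receiver side of a challenge system: each nonce is accepted only once."""

    def __init__(self):
        self._pending = set()

    def issue_challenge(self):
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, domain, nonce, body, response):
        if nonce not in self._pending:
            return False  # unknown nonce, or one that was already consumed
        self._pending.discard(nonce)
        key = SENDER_KEYS.get(domain)
        if key is None:
            return False
        return hmac.compare_digest(sign(key, nonce, body), response)
```
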