North American Network Operators Group
Re: Paul's Mailfrom (Was: IETF SMTP Working Group Proposal at smtpng.org)
- From: David Schwartz
- Date: Wed Aug 28 00:04:49 2002
On Tue, 27 Aug 2002 19:40:16 -0700, Jim Hickstein wrote:
>--On Tuesday, August 27, 2002 6:13 PM -0700 David Schwartz
>> I'm afraid the technology to rapidly sift through large volumes of
>>information to search for specific areas of interest is widely available.
>>It is totally reasonable to not want to send mail through your ISP's
>>mail servers and perhaps directly to a trusted mail distributor over an
>>encrypted link. Of course, you can easily use a port other than 25 for
>>this purpose. The problem comes when the recipient tries to validate
>>your origin address against your secure mail server.
>Your secure mail server (i.e. me) just has to be named in a MAIL-FROM MX
>record. We do DNS for some of our customers, and can add this trivially;
>the others control their own zones. Works for me.
How would this stop the destination mailservers from rejecting the mail
forwarded by the secure server? Remember, the situation is that I don't trust
my ISP to see my outbound mail (because that's where warrants are likely to
be served or interception hardware would likely be surreptitiously inserted).
So I don't want my outbound mail passing through my ISP unencrypted.
And I can't just use an email address that is hosted by the secure mail
server, because then that's where the warrant will be served or the interest
will be focused, and my mail is decrypted there. Nobody inspecting the secure
link could necessarily even tell that it was mail that was going over it or
where it was actually decrypted -- the next hop could just be a forwarded
outputting encrypted data to the ultimate decrypter.
I don't think it's unreasonable to simply say that email can't provide this
kind of feature unless the recipient and sender are part of the system. And
in that case, all the problems go away because the recipient will do the
right thing and no intermediate mail servers that don't know what to do are