Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Paul's Mailfrom (Was: IETF SMTP Working Group Proposal at smtpng.org)

  • From: David Schwartz
  • Date: Wed Aug 28 00:04:49 2002



On Tue, 27 Aug 2002 19:40:16 -0700, Jim Hickstein wrote:
>--On Tuesday, August 27, 2002 6:13 PM -0700 David Schwartz
><davids@webmaster.com> wrote:

>>    I'm afraid the technology to rapidly sift through large volumes of
>>information to search for specific areas of interest is widely available.
>>It  is totally reasonable to not want to send mail through your ISP's
>>mail  servers and perhaps directly to a trusted mail distributor over an
>>encrypted  link. Of course, you can easily use a port other than 25 for
>>this purpose.  The problem comes when the recipient tries to validate
>>your origin address  against your secure mail server.

>Your secure mail server (i.e. me) just has to be named in a MAIL-FROM MX
>record.  We do DNS for some of our customers, and can add this trivially;
>the others control their own zones.  Works for me.

	How would this stop the destination mailservers from rejecting the mail 
forwarded by the secure server? Remember, the situation is that I don't trust 
my ISP to see my outbound mail (because that's where warrants are likely to 
be served or interception hardware would likely be surreptitiously inserted). 
So I don't want my outbound mail passing through my ISP unencrypted.

	And I can't just use an email address that is hosted by the secure mail 
server, because then that's where the warrant will be served or the interest 
will be focused, and my mail is decrypted there. Nobody inspecting the secure 
link could necessarily even tell that it was mail that was going over it or 
where it was actually decrypted -- the next hop could just be a forwarded 
outputting encrypted data to the ultimate decrypter.

	I don't think it's unreasonable to simply say that email can't provide this 
kind of feature unless the recipient and sender are part of the system. And 
in that case, all the problems go away because the recipient will do the 
right thing and no intermediate mail servers that don't know what to do are 
needed.

	DS






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.