Ending email forgery

In our July 18 feature, Canning Spam, we mentioned an Internet draft proposal from Hadmut Danisch, called RMX (Reverse Mail eXchange). It was an elaboration of an earlier proposal by Paul Vixie, architect of BIND (Berkeley Internet Name Domain), who in turn attributes the idea to Jim Miller of JCM Consulting. The idea is elegantly simple. In addition to publishing the MX (Mail Exchange) DNS records that identify inbound mail hosts, an organization also publishes reverse MX records that identify outbound hosts. A receiving server queries the DNS to find out if the sending host is so authorized. The name yahoo.com is easy to forge, but the IP addresses of Yahoo's outbound servers are not.

The devil's always in the details, of course. It's remarkably difficult to define exactly what "sender" means in today's complex e-mail environment. Three current proposals -- pobox.com's SPF (originally Sender Permitted From, now Sender Policy Framework), Microsoft's Caller ID for E-Mail, and Yahoo's DomainKeys (unpublished) -- take differing approaches. [Full story at InfoWorld.com]
As part of this week's cover story on email's future, my piece explores the current crop of sender authorization proposals. The boldfaced sentence didn't appear in the printed article. I resurrect it here to help set the record straight. In this mailing list message, Paul Vixie, responding to a posting that mentions the RMX/SPF idea, says: "Fine idea. Thank Jim Miller for it when you see him." Jim and I have never met, but I did track him down in order to establish that he's the sole proprietor of JCM Consulting. So thanks, Jim! Even though your sentence wound up on the cutting room floor, I've put it back where Google can find it.

Here are some clips from my interview with Eric Allman. First, Eric explains why Sendmail Inc. is implementing DomainKeys in preference to the other schemes. Then, Eric and I discuss crypto and the end-to-end principle, relative to DomainKeys.

