On Mon, Sep 06, 2004 at 11:52:03AM -0600, R. A. Hettinga wrote:
E-mail security company MX Logic Inc. will report this week that 10 percent of all spam includes such SPF records,
I have mentioned this problem more than a year ago in context of my RMX draft (SPF, CallerID and SenderID are based on RMX). Interestingly, nobody really cared about this major security problem. All RMX-derivatives block forged messages (more or less). But what happens if the attacker doesn't forge? That's a hard problem. And a problem known from the very beginning of the sender verifikation discussion. The last 17 month of work in ASRG (Anti Spam Research Group, IRTF) and MARID (Mail authorization records in DNS, IETF) are an excellent example of how to not design security protocols. This was all about marketing, commercial interests, patent claims, giving interviews, spreading wrong informations, underminding development, propaganda. It completely lacked proper protocol design, a precise specification of the attack to defend against, engineering of security mechanisms. It was a kind of religious war. And while people were busy with religious wars, spammers silently realized that this is not a real threat to spam. Actually, it sometimes was quite the opposite: I was told of some cases where MTAs were configured to run every mail through spam assassin. Spam assassin assigns a message a higher score if the sender had a valid SPF record. Since most senders with valid recors were the spammers, spam received a higher score than plain mail, which is obviously the opposite of security. People spent more time in marketing and public relations than in problem analysis and verifikation of the solution. That's the result. What can we learn from this? Designing security protocols requires a certain level of security skills and discipline in what you want to achieve. Although RMX/SPF/CallerID/SenderID does not make use of cryptography, similar problems can be sometimes found in context of cryptography. Knowing security primitives is not enough, you need to know how to assemble them to a security mechanism. Good lectures are given about the mathematical aspects of cryptography. But are there lectures about designing security protocols? I don't know of any yet. And there is a new kind of attack: Security protocols themselves can be hijacked and raped by patent claims. regards Hadmut