nanog mailing list archives

Re: Paul's Mailfrom (Was: IETF SMTP Working Group Proposal at smtpng.org)


From: David Schwartz <davids () webmaster com>
Date: Tue, 27 Aug 2002 21:01:16 -0700




On Tue, 27 Aug 2002 19:40:16 -0700, Jim Hickstein wrote:
--On Tuesday, August 27, 2002 6:13 PM -0700 David Schwartz
<davids () webmaster com> wrote:

   I'm afraid the technology to rapidly sift through large volumes of
information to search for specific areas of interest is widely available.
It is totally reasonable to not want to send mail through your ISP's
mail servers and perhaps directly to a trusted mail distributor over an
encrypted link. Of course, you can easily use a port other than 25 for
this purpose.  The problem comes when the recipient tries to validate
your origin address against your secure mail server.

Your secure mail server (i.e. me) just has to be named in a MAIL-FROM MX
record.  We do DNS for some of our customers, and can add this trivially;
the others control their own zones.  Works for me.

        How would this stop the destination mailservers from rejecting the mail
forwarded by the secure server? Remember, the situation is that I don't trust
my ISP to see my outbound mail (because that's where warrants are likely to
be served or interception hardware would likely be surreptitiously inserted).
So I don't want my outbound mail passing through my ISP unencrypted.

        And I can't just use an email address that is hosted by the secure mail
server, because then that's where the warrant will be served or the interest
will be focused, and my mail is decrypted there. Nobody inspecting the secure
link could necessarily even tell that it was mail that was going over it or
where it was actually decrypted -- the next hop could just be a forwarder
outputting encrypted data to the ultimate decrypter.

        I don't think it's unreasonable to simply say that email can't provide this
kind of feature unless the recipient and sender are part of the system. And
in that case, all the problems go away because the recipient will do the
right thing and no intermediate mail servers that don't know what to do are
needed.

        DS


