mailsword - possible problems
This comes from another mailing list I read and I have copied it as it
raises some interesting questions:

I surfed around Mailblocks's http://www.mailblocks.com site, and didn't
see any explanation of two concerns I have about challenge-response
"prove-you-love-me" (PYLM) systems:

(1) What if Adam uses a PYLM system and Betty uses a competing
system? Adam sends Betty an email, but isn't a trusted sender.
Betty's PYLM sends a confirmation request to Adam, but her PYLM isn't
a trusted sender. Adam's PYLM then sends a confirmation request to
Betty (or her PYLM). At worst, a mail loop ensues. At best, Adam's
mail never reaches Betty. I can see a number of ways to partially
address this problem, but every one of these workarounds (and it
appears that a successful system would have to use several) would
open potential exploits to spammers.

(2) Adolf is a spammer. He discovers that every time he sends an
email to Betty, her PYLM sends a confirmation request to the apparent
sender of the email. Cool! Adolf crafts a spam-spewing machine that
spits out thousands of emails addressed to Betty with forged headers
that make it appear that the mail comes from his handy "16.4 million
v-e-r-i-f-i-e-d email addresses" CD. Betty's PYLM dutifully delivers
the payload to *our* inboxes. Again, there are workarounds but,
again, every one of them has side effects.

PYLM strikes me as one of those solutions that is simple in concept
but difficult or impossible to implement in the real world. The devil
is, indeed, in the details.
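
Concern (1) can be reproduced in a few lines. The simulation below is an added example, not part of the original post or of any real PYLM product: two challenge-response mailboxes exchange mail, first with no loop guard and then with a guard that follows the auto-responder conventions of RFC 3834 (an `Auto-Submitted` header and a null envelope sender on challenges). The class, function names and addresses are hypothetical.

```python
from email.message import EmailMessage

MAX_HOPS = 20  # safety cap so the unguarded simulation terminates


def is_automatic(msg, envelope_from):
    """RFC 3834-style signs that a message was machine-generated."""
    auto = (msg.get("Auto-Submitted") or "no").strip().lower()
    precedence = (msg.get("Precedence") or "").strip().lower()
    return envelope_from == "" or auto != "no" or precedence in {"bulk", "list", "junk"}


class ChallengeResponder:
    """Hypothetical PYLM mailbox: challenges senders it does not trust."""

    def __init__(self, owner, trusted, guarded):
        self.owner, self.trusted, self.guarded = owner, set(trusted), guarded
        self.inbox, self.held = [], []

    def receive(self, msg, envelope_from):
        """Return (challenge, envelope_from) to send back, or None."""
        if envelope_from in self.trusted:
            self.inbox.append(msg)
            return None
        self.held.append(msg)  # quarantined until the sender confirms
        if self.guarded and is_automatic(msg, envelope_from):
            return None  # never auto-answer an auto-generated message
        challenge = EmailMessage()
        challenge["From"] = self.owner
        challenge["To"] = str(msg["From"])
        challenge["Subject"] = "Please confirm your message"
        if self.guarded:
            challenge["Auto-Submitted"] = "auto-replied"
            return challenge, ""  # null envelope sender, like a bounce
        return challenge, self.owner


def simulate(guarded):
    """Adam mails Betty; return (challenges sent, mails in Betty's inbox)."""
    adam = ChallengeResponder("adam@a.example", [], guarded)
    betty = ChallengeResponder("betty@b.example", [], guarded)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = adam.owner, betty.owner, "Hello"
    pending, target, other, challenges = (msg, adam.owner), betty, adam, 0
    while pending and challenges < MAX_HOPS:
        pending = target.receive(*pending)
        challenges += 1 if pending else 0
        target, other = other, target
    return challenges, len(betty.inbox)
```

Without the guard the exchange runs until the hop cap; with it, a single challenge is sent and then held on Adam's side, which is the "at best" outcome described in the post: no loop, but Adam's mail still never reaches Betty's inbox.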