[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Mandatory email verification


Is anyone aware of a way to modify sendmail to require a verified digital
signature for all mail sent? This subject came up after a discussion
of the possible repercussions of forged email through port 25.
Even a good PGP user can't use manual encryption on a message-by-
message basis as a defense for false mail attribution. For example,
someone forges a defamatory message and signs your name to it. The
recipient brings it to public attention and you try to claim "it doesn't
have my PGP sig, therefore I didn't send it". The obvious counter is that
you purposely failed to sign it to preserve your plausible deniability.
The only way this would work is if the system you're on won't accept
mail unless accompanied by a digital signature, which would allow the
user to claim innocence if it wasn't his sig. The mailer would also have
to check the sig to ensure that it belongs to an authorized user on the
system to prevent people from creating one-time keys just to appease the
mailer and prevent their real sig from being used. Running this version
of "SIGmail" (<-- note flashy new marketing name) on your system would
seem to be a reasonable defense against claims of false attribution.

Has anyone done any work along these lines? Is there an obvious fault
with a system which would operate in this manner?

Please don't misconstrue this as an attack on anon mail, which obviously
needs to be preserved. What I'm interested in avoiding is mail forged
with another user's name. All that's required to do a convincing job now
is an account on the user's home system and some knowledge of ESMTP. Seems
to me like this is a potential disaster waiting to happen.

Maybe the H.E.A.T. crew can solve this one . . . Fabio, we need you!

=D.C. Williams	<[email protected]>