Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

The concept of Safe Senders


Sometimes an end user wants to flag a specific sender as a safe sender, that is, they always want messages from that user to go to their inbox.  You've probably seen this in some newsletters where they say at the top or bottom of the message to please add them to your address book which will prevent spam filters from blocking their mail.  Their assumption is that if they are in your address book, messages from them will always bypass spam filtering.

Let's assume for a moment that the only way we are going to do safe senders is by looking at the sender's email address.  Which email address should we look at?  Should we take the one in the message headers (the P2)?  Or should we take the one in the MAIL FROM in the SMTP conversation (the P1)?

There are advantages both ways. If we take the P2, it is more intuitive: the P2 is what the end user sees in their email client, so it is the more "natural" one to filter on. The P1 can be different from the P2, but most email users don't understand the difference and think that the From address in their email is who the message came from.

On the other hand, the advantages of using the P2 are also its weaknesses.  The P1 is who the message is actually from.  If there is a bounce notification it goes to the P1, not the P2.  At a protocol level, this is where message routing occurs.  The P2 is part of the message content just like the Date, X-headers, body content, etc.  Body content is "malleable" whereas the P1 implies a "stronger" identity to the originator.

If we use the P1, we can skip spam filtering during the SMTP conversation.  We get the HELO, the MAIL FROM, and the RCPT TO.  We don't need the rest of the message to determine what to do with it.  If we use the P2, we need to accept more parts of the message and then parse it out.  In other words, the decision comes later.
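The two lookups side by side, as an added example that is not part of the original post: the P1 check needs only the MAIL FROM line, while the P2 check has to wait for the message data and parse its headers. The addresses, the safe-senders set, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: one recipient's safe-senders list (made-up address).
SAFE_SENDERS = {"news@example.com"}

# Constructed sample: a newsletter whose envelope sender is a per-recipient
# bounce address on the mailer's domain, while the header From is the brand.
SAMPLE_MAIL_FROM = "MAIL FROM:<bounces+alice=example.org@mailer.example.net> SIZE=2048"
SAMPLE_MESSAGE = "\n".join([
    'From: "Example News" <news@example.com>',
    "To: alice@example.org",
    "Subject: Weekly update",
    "",
    "Please add us to your address book.",
])

def p1_address(mail_from_line):
    """Envelope sender (P1), available as soon as MAIL FROM is received."""
    verb, _, rest = mail_from_line.partition(":")
    if verb.strip().upper() != "MAIL FROM":
        raise ValueError("not a MAIL FROM command")
    path = rest.strip().split(" ", 1)[0]   # drop ESMTP parameters such as SIZE=
    return path.strip("<>").lower()        # "" is the null sender used by bounces

def p2_address(raw_message):
    """Header From address (P2), available only after the message data is parsed."""
    msg = message_from_string(raw_message)
    return parseaddr(msg.get("From", ""))[1].lower()

def safe_sender_decision(mail_from_line, raw_message, safe=SAFE_SENDERS):
    """Report what each lookup would decide for the same message."""
    p1 = p1_address(mail_from_line)
    p2 = p2_address(raw_message)
    return {
        "p1": p1,
        "p2": p2,
        "p1_safe": p1 in safe,   # decision possible during the SMTP conversation
        "p2_safe": p2 in safe,   # decision possible only after content is accepted
        "mismatch": p1 != p2,
    }

if __name__ == "__main__":
    print(safe_sender_decision(SAMPLE_MAIL_FROM, SAMPLE_MESSAGE))
```

For this sample the user's address-book entry matches the P2 but not the P1, so the two policies reach opposite decisions on the same message.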

There are a couple more advantages to weigh between the P1 and the P2; I will get to them in my next post.

  • The widespread use of VERP (http://en.wikipedia.org/wiki/Variable_envelope_return_path) in legitimate bulk mail means that addressbook-based filtering of the envelope from ("P2") is essentially useless.

    Filtering on something like a List-Id: header would be useful, but I don't know if that's widely supported in widely used MUAs.

  • "The P1 is who the message is actually from."

    Not if root invokes sendmail -f.  Not if a Windows user types the HELO and MAIL FROM lines in Telnet.

    The last time I tried it, I was disappointed by how many servers would accept forged domain names in HELO.  I hope they don't any more.

    If they've smartened up then they can provide verification of what domain the message is actually from, but still not who.
