Ending E-Mail Forgery.

This article focuses on the issue of ending electronic mail forgery. Allegedly, there is a hole in SMTP big enough, which is what senders of unsolicited electronic mail messages routinely conduct when they forge sender addresses. In modern times, it is trivial to send a message that seems to come from a legal Web site address. Wether it is a publisher groping for access to a bank account or a cyberterrorist looking to compromise a personal computer, both the company whose identity is spoofed and the individual who is attacked suffer the damage. Companies that run secure Web sites know how to acquire the server certificates that assert their identities and enable SSL connections. Such companies could also use client certificates to sign electronic mail messages and probably should. But individuals rarely have or use digital certificates, so electronic mail culture has never evolved a security equivalent of the ubiquitous SSL standard of the World Wide Web. In relation to an Internet draft proposal from Hadmut Danisch, called Reverse Mail Exchange (MX), the idea is elegantly simple. In addition to publishing the Mail Exchange DNS records that identify outbound hosts, an organization also publishes reverse MX records that identify outbound hosts.