MAIL-FROM Authentication

The MAIL-FROM authentication method checks the content of the RFC822 From header of an update request against the regular expression specified in the maintainer object "auth" field. If the regular expression matches the content of the From header, the update request is authenticated successfully.

   mntner:      MAINT-AS1234
   descr:       Company's Name
   admin-c:     AC1
   tech-c:      TC1
   upd-to:      admin@customer.com
   auth:        MAIL-FROM controller@customer.com
   notify:      admin@customer.com
   mnt-by:      MAINT-AS1234
   changed:     admin@customer.com 20010326
   source:      BBOI

The "auth" value can be either an exact value such as

auth: MAIL-FROM someone@somewhere.org

or can be a regular expression such as

auth: MAIL-FROM .*@.*somewhere.org

The regular expressions supported are described in POSIX 1003.2 section 2.8. Note that the matching is applied to the whole content of the From header, including comments if present -- no attempt is made to isolate the mailbox part. Regular expression usage is recommended if several people are authorized to submit objects and/or the From address is different depending on the host machine from which the mail is sent.

The MAIL-FROM authentication scheme is not a very secure scheme. Forging RFC822 headers does not take much effort or ingenuity. The scheme offers a way to protect the integrity of the IRR by preventing accidental updates rather than allowing updates that need to be removed later.

Back to Table Of Contents