RE: [Asrg] 6. Proposals - Challenge/response - CRI
"Eric Dean" <eric@purespeed.com> Fri, 15 August 2003 20:41 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA13089 for <asrg-archive@odin.ietf.org>; Fri, 15 Aug 2003 16:41:13 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19nlNP-0002bE-IU for asrg-archive@odin.ietf.org; Fri, 15 Aug 2003 16:40:48 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h7FKel5M009986 for asrg-archive@odin.ietf.org; Fri, 15 Aug 2003 16:40:47 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19nlNP-0002az-75 for asrg-web-archive@optimus.ietf.org; Fri, 15 Aug 2003 16:40:47 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA13049; Fri, 15 Aug 2003 16:40:42 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19nlNN-0005zP-00; Fri, 15 Aug 2003 16:40:45 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19nlNM-0005zM-00; Fri, 15 Aug 2003 16:40:44 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19nlMe-0002Sc-SF; Fri, 15 Aug 2003 16:40:00 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19nlMD-0002PB-6v for asrg@optimus.ietf.org; Fri, 15 Aug 2003 16:39:33 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA12976 for <asrg@ietf.org>; Fri, 15 Aug 2003 16:39:28 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19nlMB-0005yV-00 for asrg@ietf.org; Fri, 15 Aug 2003 16:39:31 -0400
Received: from relay.purespeed.com ([63.210.22.4]) by ietf-mx with esmtp (Exim 4.12) id 19nlMA-0005yS-00 for asrg@ietf.org; Fri, 15 Aug 2003 16:39:30 -0400
Received: from HOMEY (ip68-98-157-216.nv.nv.cox.net [68.98.157.216]) by relay.purespeed.com (Postfix Relay Hub) with SMTP id 0F544181E0; Fri, 15 Aug 2003 16:22:19 -0400 (EDT)
From: Eric Dean <eric@purespeed.com>
To: Andrew Akehurst <A.D.Akehurst-99@student.lboro.ac.uk>, asrg@ietf.org
Subject: RE: [Asrg] 6. Proposals - Challenge/response - CRI
Message-ID: <MBEKIIAKLDHKMLNFJODBGEIKGCAA.eric@purespeed.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
In-Reply-To: <1060962181.3f3cff85becf4@student-webmail.lboro.ac.uk>
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Fri, 15 Aug 2003 16:40:39 -0400
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
> > Out of these headers, this one caught my eye: > > "CRI-Sender-Exempt: identifies that the sender desires to not > receive a CRI message. i.e. mailing list" > > I'm glad you've included support for mailing lists. I'd like to > know how you envisage this being used in practice. In section 4.2 > you state that: Most CR systems support a variety of mailing list identification methods that have been discussed in prior threads. For example, sender header > > "Mailing lists may include CRI-Sender-Exempt headers to > indicate that challenge messages should not be posted to > the mailing list..." > > What will be the content of such a header? Good question...it could be blank..like an HTTP no-cache header..or maybe have some content. It should probably identify the mailing list i.e. CRI-Sender-Exempt: asrg@ietf.org That way the recipient could whitelist the header for now and always. > Is it just a flag > such as "CRI-Sender-Exempt: 1"? If so, what would stop a > spammer from adding such headers to their messages? Nothing. However, a well-implemented CR system should simply suppress a challenge message to the sender...but should probably not forward the message as a trusted source unless the recipient whitelists. I'm not trying to dictate how a CR system should be designed..but am trying to provide a basic set of interoperability procotol messages to automate interaction > Is it true that a spammer who used such headers simply wouldn't > be sent a challenge message? Possibly..it's probably not a must...but is the intention > If so I guess they wouldn't have the > opportunity to answer a challenge and thus get themselves > permission to send to the receiver. So maybe it's not in their > interests to try and use such a header. That's what I'm thinking > The need to rewrite mailing list software to generate such headers > is potentially more of an issue. Supposing I decided to use CRI > yet subscribed to some mailing lists which didn't generate such > headers. Yes, however, many CR systems today identify lists. Also, mailing lists would eventually add the header..it's not necessary day 1. There are other uses...a CR system should also add the header to it's CR messages...ecommerce receipts too... > How could I ensure such messages got through? I don't believe you can. > My other "first reaction" to the proposal is that the SMTP idea is > interesting although the use of a 4xx temporary failure code for a > challenge will of course result in non-compliant sender MTAs > retrying and repeatedly failing. Of course in the end they'll > give up and then will the sender's original message bounce back? I'll let Yakov reply > I'm interested here in the interoperability issues between MTAs > which support CRI and those which don't. Some more discussion in > that area would be helpful. Well..the MIME headers should be transparent...then you still have to write a clear email message explaining what to do. > _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] 6. Proposals - Challenge/response - CRI Andrew Akehurst
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Yakov Shafranovich
- Re: [Asrg] 6. Proposals - Challenge/response - CRI Andrew Akehurst
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Andrew Akehurst
- Re: [Asrg] 6. Proposals - Challenge/response - CRI John Fenley
- Re: [Asrg] 6. Proposals - Challenge/response - CRI Yakov Shafranovich
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- Re: [Asrg] 6. Proposals - Challenge/response - CRI Deven T. Corzine
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- Re: [Asrg] 6. Proposals - Challenge/response - CRI david nicol
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- RE: [Asrg] 6. Proposals - Challenge/response - CRI david nicol
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean