IETF Logo Mail Archive

Re: 6. Proposals - Sender Verification (was Re: [Asrg] Simple way to verify sender, track mail abusers)

Dennis Gearon <gearond@fireserve.net> Mon, 29 September 2003 04:15 UTC

Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA11969 for <asrg-archive@odin.ietf.org>; Mon, 29 Sep 2003 00:15:28 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A3pRD-0001te-Fn for asrg-archive@odin.ietf.org; Mon, 29 Sep 2003 00:15:07 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h8T4F775007284 for asrg-archive@odin.ietf.org; Mon, 29 Sep 2003 00:15:07 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A3pRD-0001tG-Bt for asrg-web-archive@optimus.ietf.org; Mon, 29 Sep 2003 00:15:07 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA11961 for <asrg-web-archive@ietf.org>; Mon, 29 Sep 2003 00:14:58 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1A3pRA-0000Rz-00 for asrg-web-archive@ietf.org; Mon, 29 Sep 2003 00:15:05 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 1A3pRA-0000Ru-00 for asrg-web-archive@ietf.org; Mon, 29 Sep 2003 00:15:04 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A3pR9-0001p0-15; Mon, 29 Sep 2003 00:15:03 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A3pQt-0001o6-C9 for asrg@optimus.ietf.org; Mon, 29 Sep 2003 00:14:47 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA11951 for <asrg@ietf.org>; Mon, 29 Sep 2003 00:14:38 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1A3pQq-0000Rq-00 for asrg@ietf.org; Mon, 29 Sep 2003 00:14:45 -0400
Received: from phaze.fireserve.net ([207.109.249.2] ident=root) by ietf-mx with esmtp (Exim 4.12) id 1A3pQq-0000Rn-00 for asrg@ietf.org; Mon, 29 Sep 2003 00:14:44 -0400
Received: from fireserve.net (dh0020.moore-s.fireserve.net [207.109.249.149]) by phaze.fireserve.net (8.12.10/linuxconf) with ESMTP id h8T4HT5i031933; Sun, 28 Sep 2003 21:17:29 -0700
Message-ID: <3F77B1A2.5030307@fireserve.net>
From: Dennis Gearon <gearond@fireserve.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: en-us, en, ru
MIME-Version: 1.0
To: david nicol <whatever@davidnicol.com>
CC: asrg@ietf.org
Subject: Re: 6. Proposals - Sender Verification (was Re: [Asrg] Simple way to verify sender, track mail abusers)
References: <3F737A5E.8080606@fireserve.net> <3F737D96.10000@solidmatrix.com> <3F738916.8070907@fireserve.net> <1064790496.970.21.camel@plaza.davidnicol.com>
In-Reply-To: <1064790496.970.21.camel@plaza.davidnicol.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-4.775, required 6, AWL, BAYES_00)
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Sun, 28 Sep 2003 21:14:26 -0700
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

david nicol wrote:

>On Thu, 2003-09-25 at 19:32, Dennis Gearon wrote:
>  
>
>>Yakov Shafranovich wrote:
>>
>>    
>>
>>>Fourth, take a look at the CRI proposal:
>>>
>>>http://www.ietf.org/internet-drafts/draft-irtf-asrg-cri-00.txt
>>>      
>>>
>>Actually, my idea, I believe, takes care of most of the problems with 
>>the Level 2 CRI system. I will think about it for awhile.
>>    
>>
>
>When is CRI 01 due?  Who is maintaining it (I nominate Eric Dean)?
>It has been pointed out that body hashing would make CRI level-2
>work, and this was AIUI generally agreed-to.  Yet a revised CRI
>document has not yet appeared.
>
>
>  
>
I suggested both body and specific headers be hashed. And only 32 bytes 
from the body to save processor time. Someone gave some good, valid 
reasons why the CRI/hash idea has problems, but I think they would not 
be too hard to overcome. Mostly, it was:

    A/ The need to keep records of what is sent.
    B/ The additional changes to SMTP required
        (Anyone really believe that SMTP will forever be extendible and 
not have to be replaced someday?)
    C/ Messages can't be stopped before they leave, only when they arrive.

Well, I am too tired and not well enough versed to coment on A and B. 
However, regarding CI think that the whole SPAM problem has to be solved 
in a two part solution anyway:
    A/ Develop a way to know who is sending what, and receivers can 
decide to accept or not mail that is not certified to be from who it 
says it is from.
    B/ Implement blocking on the send or receive sides, using lists, or 
authority, or validation, etc.

My proposal, and CRI/hash in general only addresses A. I leave B to more 
knowledgable people.



_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email