IETF Logo Mail Archive

Re: [Asrg] Consent Proposal

"Danny Angus" <danny@apache.org> Tue, 01 July 2003 11:07 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA06190 for <asrg-archive@odin.ietf.org>; Tue, 1 Jul 2003 07:07:37 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h61B7ET22702 for asrg-archive@odin.ietf.org; Tue, 1 Jul 2003 07:07:14 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19XIyf-0005tq-Uv for asrg-web-archive@optimus.ietf.org; Tue, 01 Jul 2003 07:07:13 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA06165; Tue, 1 Jul 2003 07:07:07 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19XIyZ-00029X-00; Tue, 01 Jul 2003 07:07:07 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19XIyU-00029U-00; Tue, 01 Jul 2003 07:07:02 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19XIyT-0005kS-Uo; Tue, 01 Jul 2003 07:07:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19XIy9-0005gK-VU for asrg@optimus.ietf.org; Tue, 01 Jul 2003 07:06:42 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA06141 for <asrg@ietf.org>; Tue, 1 Jul 2003 07:06:35 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19XIy3-00028s-00 for asrg@ietf.org; Tue, 01 Jul 2003 07:06:35 -0400
Received: from tarbolton.demon.co.uk ([212.229.119.215] helo=killerbees.co.uk) by ietf-mx with smtp (Exim 4.12) id 19XIxs-00028k-00 for asrg@ietf.org; Tue, 01 Jul 2003 07:06:24 -0400
Received: from mailtest ([192.168.0.2]) by killerbees.co.uk (JAMES SMTP Server 3.0a1) with SMTP ID 379; Tue, 1 Jul 2003 11:21:26 +0100 (BST)
From: Danny Angus <danny@apache.org>
To: Yakov Shafranovich <research@solidmatrix.com>, asrg@ietf.org
Cc: Paul Hammant <Paul_Hammant@yahoo.com>
Subject: Re: [Asrg] Consent Proposal
Message-ID: <HKEFKPNPJLANNFPFMDKJIEHLIIAA.danny@apache.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: base64
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <5.2.0.9.2.20030630142516.00b9f118@std5.imagineis.com>
Importance: Normal
Content-Transfer-Encoding: base64
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Tue, 01 Jul 2003 12:09:28 +0100
Content-Transfer-Encoding: base64
Content-Transfer-Encoding: base64

> This raises an interesting issue for the group in general. If the current 
> spam problem is not fixed, would there be a move to proprietary 
> alternative 
> email solutions such as this one?

Thats a very good question, I can see a two tier system developing with trusted transport being used where it is available and much less credence being given to mail arriving through the older mechanisms.

I'd like to think that a trust system could be added to ESMTP as a new verb and MTA's could take appropriate action, therfore as the new verb spreads in use more MTA's would begin to reject mail not sent using it.

We had a discussion at http://james.apache.org where it was proposed that we consider blocking mail from unknown hosts with a new temporary rejection code, carry out a check on the host (which has also verified all upstream hosts) which can take as long as it needs to beacause we've told the sender to wait, then if we like it call it back and use ETRN to poke it to send us the mail, or when it tries again issue a 5xx and tell it that it is not trusted.

The beauty of this system is that you could also use both trusted and untrusted SMTP, but you would be able to distingush between mail from trusted hosts and mail from untrusted ones and handle it accordingly. You might want to quarantine the untrusted mail or use content filters, but fast track trusted mail.

As far as the checks are concerned simply checking the sender automatically for open-relay would make an impact, using private include/exclude address lists and publicly maintained lists would also help.

As the implementation of the system spread it would become possible for servers to refuse totally to accept mail from untrusted sources, for trust to be communicated using the existing trust certificate mechanisms, and for chains of trust to be created which would in theory allow for quite extensive free movement of mail using SMTP and with the exclusion of anonymous senders.



d.

v2.23.0 | Report a Bug | By Email