IETF Logo Mail Archive

RE: 6. Proposals - Sender Verification (was Re: [Asrg] Simple wayto verify sender, track mail abusers)

"Eric Dean" <eric@purespeed.com> Mon, 29 September 2003 13:34 UTC

Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA14257 for <asrg-archive@odin.ietf.org>; Mon, 29 Sep 2003 09:34:34 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A3yA6-0001r2-Kg for asrg-archive@odin.ietf.org; Mon, 29 Sep 2003 09:34:12 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h8TDY27e007122 for asrg-archive@odin.ietf.org; Mon, 29 Sep 2003 09:34:02 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A3yA6-0001qn-C0 for asrg-web-archive@optimus.ietf.org; Mon, 29 Sep 2003 09:34:02 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA14241 for <asrg-web-archive@ietf.org>; Mon, 29 Sep 2003 09:33:54 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1A3yA4-0005oX-00 for asrg-web-archive@ietf.org; Mon, 29 Sep 2003 09:34:00 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 1A3yA4-0005oS-00 for asrg-web-archive@ietf.org; Mon, 29 Sep 2003 09:34:00 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A3yA4-0001jq-RM; Mon, 29 Sep 2003 09:34:00 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A3y9R-0001g0-Gj for asrg@optimus.ietf.org; Mon, 29 Sep 2003 09:33:22 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA14215 for <asrg@ietf.org>; Mon, 29 Sep 2003 09:33:13 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1A3y9P-0005oC-00 for asrg@ietf.org; Mon, 29 Sep 2003 09:33:19 -0400
Received: from relay.purespeed.com ([63.210.22.4]) by ietf-mx with esmtp (Exim 4.12) id 1A3y9P-0005o1-00 for asrg@ietf.org; Mon, 29 Sep 2003 09:33:19 -0400
Received: from sohonotebook (ip68-98-157-216.dc.dc.cox.net [68.98.157.216]) by relay.purespeed.com (Postfix Relay Hub) with ESMTP id 7FC0D1810E; Mon, 29 Sep 2003 09:25:29 -0400 (EDT)
From: Eric Dean <eric@purespeed.com>
To: 'Yakov Shafranovich' <research@solidmatrix.com>
Cc: 'david nicol' <whatever@davidnicol.com>, 'Dennis Gearon' <gearond@fireserve.net>, asrg@ietf.org, 'Brad Knowles' <brad.knowles@skynet.be>
Subject: RE: 6. Proposals - Sender Verification (was Re: [Asrg] Simple wayto verify sender, track mail abusers)
Message-ID: <003801c3868e$3d1f8620$0a01a8c0@sohonotebook>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
In-Reply-To: <3F77CACD.6000403@solidmatrix.com>
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Mon, 29 Sep 2003 09:33:16 -0400
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

While I believe that there is a considerable amount of research,
brainstorming, and intuition that could go into such a document.  I
would be very interested in seeing some statistics from CR people our
there.

For example,

1) What percentage (and volume) of challenges are responded?
2) What percentage of challenges bounce?
3) What percentage of whitelisted senders are from CR vs. manual (or
from outgoing email, Contacts-import....)
4) What percentage of spam still gets through..and how/why?
5) What percentage of users (and volume) use the CR system for
anti-spam?  How long to acclimate?

Then there are qualitative issues of lessons-learned, perception,
effectiveness....

> -----Original Message-----
> From: yshafranovich02@sprintpcs.com
[mailto:yshafranovich02@sprintpcs.com]
> On Behalf Of Yakov Shafranovich
> Sent: Monday, September 29, 2003 2:02 AM
> To: Eric Dean
> Cc: 'david nicol'; 'Dennis Gearon'; asrg@ietf.org; Brad Knowles
> Subject: Re: 6. Proposals - Sender Verification (was Re: [Asrg] Simple
> wayto verify sender, track mail abusers)
> 
> For those who do not like the entire idea of C/R, it might be useful
if
> someone volunteers to write up an evaluation of C/R in general.
> Something on C/R was mentioned in the technical considerations
document
> which can be used in conjunction with the requirements document to do
an
> evaluation. This way we can see a point by point break down of cons
and
> pros of C/R. William Leibzon also has a presentation relevant to this.
> The documents are available at:
> 
> http://www.infobro.com/anon-FTP/infoSource/IRTF/ASRG/draft-irtf-asrg-
> requirements-xx-05.txt
>
http://www.ietf.org/internet-drafts/draft-crocker-spam-techconsider-02.t
xt
>
http://www.elan.net/~william/asrg-emailpathverification-presentation.pdf
> 
> There is also some BCPs that can be written up for C/R systems. Some
of
> that work has been done in the CRI proposal and Brad Templenton also
has
> a BCP list. These are available at:
> 
> http://www.ietf.org/internet-drafts/draft-irtf-asrg-cri-00.txt
> http://www.templetons.com/brad/spam/challengeresponse.html
> 
> Eric Dean wrote:
> > Considering I haven't received but a comment or two, sure, I'll
maintain
> > the draft.
> >
> > With regards to body hashing or anything else, no one is preventing
such
> > a method.  It's an option available to individual implementers of CR
> > systems.  I am merely proposing a method that they interoperate.
> >
> > I am not proposing that CR is a solution for spam.  In fact, I have
> > evidence to the contrary...nevertheless, they exist and are used in
many
> > places throughout the Internet.  IMHO it may be an interesting idea
if
> > they automatically interoperate rather than require user
interaction.
> >
> >
> >>-----Original Message-----
> >>From: asrg-admin@ietf.org [mailto:asrg-admin@ietf.org] On Behalf Of
> >
> > david
> >
> >>nicol
> >>Sent: Sunday, September 28, 2003 7:08 PM
> >>To: Dennis Gearon
> >>Cc: asrg@ietf.org
> >>Subject: Re: 6. Proposals - Sender Verification (was Re: [Asrg]
Simple
> >>wayto verify sender, track mail abusers)
> >>
> >>On Thu, 2003-09-25 at 19:32, Dennis Gearon wrote:
> >>
> >>>Yakov Shafranovich wrote:
> >>>
> >>>
> >>>>Fourth, take a look at the CRI proposal:
> >>>>
> >>>>http://www.ietf.org/internet-drafts/draft-irtf-asrg-cri-00.txt
> >>>
> >>>Actually, my idea, I believe, takes care of most of the problems
> >
> > with
> >
> >>>the Level 2 CRI system. I will think about it for awhile.
> >>
> >>When is CRI 01 due?  Who is maintaining it (I nominate Eric Dean)?
> >>It has been pointed out that body hashing would make CRI level-2
> >>work, and this was AIUI generally agreed-to.  Yet a revised CRI
> >>document has not yet appeared.
> >>
> >>
> >>--
> >>David Nicol /  kernel 2.6.0 is pretty whippy
> >>
> >>
> >>
> >>_______________________________________________
> >>Asrg mailing list
> >>Asrg@ietf.org
> >>https://www1.ietf.org/mailman/listinfo/asrg
> >
> >
> >
> >
> > _______________________________________________
> > Asrg mailing list
> > Asrg@ietf.org
> > https://www1.ietf.org/mailman/listinfo/asrg
> >
> 



_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email