[Asrg] SMTP pull anyone?
Ravi shankar <ravisha22@gmail.com> Sun, 16 August 2009 11:20 UTC
Return-Path: <ravisha22@gmail.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9D0813A6CE3 for <asrg@core3.amsl.com>; Sun, 16 Aug 2009 04:20:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.091
X-Spam-Level:
X-Spam-Status: No, score=-1.091 tagged_above=-999 required=5 tests=[AWL=-1.507, BAYES_40=-0.185, HTML_MESSAGE=0.001, J_CHICKENPOX_73=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X9HZl4lDpv6P for <asrg@core3.amsl.com>; Sun, 16 Aug 2009 04:20:37 -0700 (PDT)
Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.24]) by core3.amsl.com (Postfix) with ESMTP id A72193A6894 for <asrg@irtf.org>; Sun, 16 Aug 2009 04:20:37 -0700 (PDT)
Received: by qw-out-2122.google.com with SMTP id 3so821445qwe.7 for <asrg@irtf.org>; Sun, 16 Aug 2009 04:20:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=4medDtOyfe0j3RCmAJ0UqZ4zI87z3t7s4PgF21PGBIE=; b=E69K5nB1fMX0bqxDGrhL6zejJw1C+dnarYDmLbcK+ZapuweoJj4GbazNwnciTYUj3I JP1BPQQgK+xGx0E/9YTfDYNN8cjNlceMxBv/t7QUXoc+QP6wrDgBrjoMD4eY5Dwyegow WfcBSmgz8FUfW7+9mueW5dhjr3V3yHf6u3D/A=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=Dxo8EKv1hGpOUpZEgdjCezL8o1D0Iwdmfle3EeNESkZE8KS9S6/W+VxF/nrFLB+fgT PINNBOzqbMenT0tHtaVvO/BhUD/B9gnRIPHJFthz3b1REBqgbl2OwARdyrUtHqwqtOji 3TynFxBykO2xCzYmnMZYNRo2KUcKc2PXZjUxY=
MIME-Version: 1.0
Received: by 10.224.17.75 with SMTP id r11mr3584024qaa.387.1250421639418; Sun, 16 Aug 2009 04:20:39 -0700 (PDT)
Date: Sun, 16 Aug 2009 16:50:39 +0530
Message-ID: <922a897b0908160420w4554837aj684e86eb586823af@mail.gmail.com>
From: Ravi shankar <ravisha22@gmail.com>
To: asrg@irtf.org
Content-Type: multipart/alternative; boundary="000feaed9d75a3161d04714079e3"
Subject: [Asrg] SMTP pull anyone?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Aug 2009 11:20:38 -0000
Hi, Me and my buddy had a interesting discussion, which i thought could put across the geeks here. It goes something like this: SMTP is currently a push protocol and is initiated by the the sender, no controlling that fact. But it is possible to overcome the relay problems, IP spoofing and domain impersonation etc, by making the servers pull the mails. 1. Sending server contacts the destination and proovides the Message ID and sender details(and other details) and disconnects the session. 2. The receiving server queues it up and looks up the messages one by one using DNS to determine their legitimacy. 3. If the IP that contacted is legitimate(can be verified by say SPF?), it contacts the sender and provides the message ID with other details. 4. The sending server then hands over the message. 5. To overcome DDoS attacks, the receiving server can be made to request the next 10 or so Message IDs that it will assign to messages, so that if a attacker tries to give those details, it will know from the next list of message IDs that it's fake connection. 6. May be by this collection of data, the IP addresses can be reported to a RBL and blacklisted. Please point the holes in this model, so that we might get a entirely new insight. Note: I have gone trough IM2000 and other similar discussions in the archive. Just thought this version of C/R is worth getting discussed. Regards, Ravi
- Re: [Asrg] SMTP pull anyone? John Levine
- Re: [Asrg] [ASRG] SMTP pull anyone? John Levine
- Re: [Asrg] [ASRG] SMTP pull anyone? Steve Atkins
- [Asrg] SMTP pull anyone? Ravi shankar
- Re: [Asrg] SMTP pull anyone? Bill Cole
- Re: [Asrg] SMTP pull anyone? mathew
- Re: [Asrg] SMTP pull anyone? Dave CROCKER
- Re: [Asrg] SMTP pull anyone? John Levine
- [Asrg] [ASRG] SMTP pull anyone? Ravi shankar
- Re: [Asrg] SMTP pull anyone? Ian Eiloart
- Re: [Asrg] [ASRG] SMTP pull anyone? John Levine
- Re: [Asrg] [ASRG] SMTP pull anyone? Rich Kulawiec
- Re: [Asrg] [ASRG] SMTP pull anyone? Douglas Otis
- Re: [Asrg] SMTP pull anyone? Michael Thomas
- Re: [Asrg] SMTP pull anyone? Douglas Otis
- Re: [Asrg] [ASRG] SMTP pull anyone? Ravi shankar
- Re: [Asrg] [ASRG] SMTP pull anyone? Rich Kulawiec
- Re: [Asrg] [ASRG] SMTP pull anyone? Alessandro Vesely
- Re: [Asrg] SMTP pull anyone? Alessandro Vesely
- Re: [Asrg] SMTP pull anyone? Dave CROCKER
- Re: [Asrg] [ASRG] SMTP pull anyone? Bill Cole
- Re: [Asrg] SMTP pull anyone? Bart Schaefer
- Re: [Asrg] [ASRG] SMTP pull anyone? Douglas Otis
- Re: [Asrg] [ASRG] SMTP pull anyone? Chris Lewis
- Re: [Asrg] [ASRG] SMTP pull anyone? Dave CROCKER
- Re: [Asrg] [ASRG] SMTP pull anyone? Douglas Otis
- Re: [Asrg] [ASRG] SMTP pull anyone? Chris Lewis
- Re: [Asrg] [ASRG] SMTP pull anyone? Jeff Macdonald
- Re: [Asrg] [ASRG] SMTP pull anyone? John Levine
- Re: [Asrg] [ASRG] SMTP pull anyone? Douglas Otis
- Re: [Asrg] [ASRG] SMTP pull anyone? Daniel Feenberg
- Re: [Asrg] [ASRG] SMTP pull anyone? Graeme Fowler
- Re: [Asrg] [ASRG] SMTP pull anyone? Rich Kulawiec
- Re: [Asrg] [ASRG] SMTP pull anyone? Jeff Macdonald
- Re: [Asrg] [ASRG] SMTP pull anyone? Steve Atkins
- Re: [Asrg] [ASRG] SMTP pull anyone? Chris Lewis
- Re: [Asrg] [ASRG] SMTP pull anyone? Alessandro Vesely
- Re: [Asrg] [ASRG] SMTP pull anyone? Tim Chown
- Re: [Asrg] [ASRG] SMTP pull anyone? Rich Kulawiec
- Re: [Asrg] [ASRG] SMTP pull anyone? Douglas Otis
- Re: [Asrg] [ASRG] SMTP pull anyone? Daniel Feenberg
- Re: [Asrg] [ASRG] SMTP pull anyone? Douglas Otis