RE: [Asrg] 6. Proposals - Challenge/response - CRI
Yakov Shafranovich <research@solidmatrix.com> Mon, 18 August 2003 02:36 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA26433 for <asrg-archive@odin.ietf.org>; Sun, 17 Aug 2003 22:36:36 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19oZsO-0002qz-I0 for asrg-archive@odin.ietf.org; Sun, 17 Aug 2003 22:36:13 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h7I2a84b010963 for asrg-archive@odin.ietf.org; Sun, 17 Aug 2003 22:36:08 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19oZsO-0002qk-EL for asrg-web-archive@optimus.ietf.org; Sun, 17 Aug 2003 22:36:08 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA26410; Sun, 17 Aug 2003 22:36:01 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19oZsK-0004Eh-00; Sun, 17 Aug 2003 22:36:05 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19oZsK-0004EZ-00; Sun, 17 Aug 2003 22:36:04 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19oZrJ-0002gm-Vz; Sun, 17 Aug 2003 22:35:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19oZr8-0002gA-6I for asrg@optimus.ietf.org; Sun, 17 Aug 2003 22:34:50 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA26376 for <asrg@ietf.org>; Sun, 17 Aug 2003 22:34:43 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19oZr4-0004Dm-00 for asrg@ietf.org; Sun, 17 Aug 2003 22:34:46 -0400
Received: from [68.27.232.147] (helo=68.27.232.147 ident=trilluser) by ietf-mx with smtp (Exim 4.12) id 19oZr0-0004Db-00 for asrg@ietf.org; Sun, 17 Aug 2003 22:34:44 -0400
Message-Id: <6.0.0.14.0.20030817223412.0271a9b8@solidmatrix.com>
X-Sender: research@solidmatrix.com
X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.14 (Beta)
To: Eric Dean <eric@purespeed.com>, Andrew Akehurst <A.D.Akehurst-99@student.lboro.ac.uk>, asrg@ietf.org
From: Yakov Shafranovich <research@solidmatrix.com>
Subject: RE: [Asrg] 6. Proposals - Challenge/response - CRI
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-MimeHeaders-Plugin-Info: v2.03.00
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Sun, 17 Aug 2003 22:34:13 -0400
At 04:40 PM 8/15/2003, Eric Dean wrote: >............. > > My other "first reaction" to the proposal is that the SMTP idea is > > interesting although the use of a 4xx temporary failure code for a > > challenge will of course result in non-compliant sender MTAs > > retrying and repeatedly failing. Of course in the end they'll > > give up and then will the sender's original message bounce back? > >I'll let Yakov reply [Sorry guys for the delay, but with the blackout my company's mail servers went offline and I missed the message.] The CRI proposal itself proposes the use of SMTP in addition to MIME headers in order to facilitate easier interoperability between two systems that already support CRI. By using the SMTP extension, the receiver's system can forgo the expense of storing the email while the verification process takes place - instead that burden remains on the sender's system. However, I am assuming that you are referring to "GreyListing" (http://projects.puremagic.com/greylisting/) which rejects the email with a temporary code. While GreyListing rejects email from specific IP/sender/recipient combinations, in C/R systems that would take place for any non-whitelisted message. This is in fact what Peter Key's TitanKey system does, although it rejects the message with a 5xx code. A normal Internet email system will keep on retrying to send the message depending on settings set by administrator for quite some time (I have seen email systems that go on for over seven days). In the end they will fail and bounce the message to the sender. However, in that case the sender has an option to resend the message once he replied to the challenge. In that case, his email will go through. NOTE: Keep in mind that the ESMTP extension in the CRI proposal only applies to two systems that both supports CRI. If one of the parties does not support CRI, then everything falls back on MIME headers. > > I'm interested here in the interoperability issues between MTAs > > which support CRI and those which don't. Some more discussion in > > that area would be helpful. > >Well..the MIME headers should be transparent...then you still have to write >a clear email message explaining what to do. One of the things mentioned in the CRI proposals is the possible use of DSNs. DSNs have a human-readable message as well for system that are non-compliant. In CRI enabled systems, the human readable part will contain response directions for non-compliant systems. The machine-readable part will contain CRI headers for systems that support CRI. Yakov _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] 6. Proposals - Challenge/response - CRI Andrew Akehurst
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Yakov Shafranovich
- Re: [Asrg] 6. Proposals - Challenge/response - CRI Andrew Akehurst
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Andrew Akehurst
- Re: [Asrg] 6. Proposals - Challenge/response - CRI John Fenley
- Re: [Asrg] 6. Proposals - Challenge/response - CRI Yakov Shafranovich
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- Re: [Asrg] 6. Proposals - Challenge/response - CRI Deven T. Corzine
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- Re: [Asrg] 6. Proposals - Challenge/response - CRI david nicol
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean
- RE: [Asrg] 6. Proposals - Challenge/response - CRI david nicol
- RE: [Asrg] 6. Proposals - Challenge/response - CRI Eric Dean