IETF Logo Mail Archive

RE: [Asrg] 6. Proposals - Challenge/response - CRI

Yakov Shafranovich <research@solidmatrix.com> Mon, 18 August 2003 02:36 UTC

Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA26433 for <asrg-archive@odin.ietf.org>; Sun, 17 Aug 2003 22:36:36 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19oZsO-0002qz-I0 for asrg-archive@odin.ietf.org; Sun, 17 Aug 2003 22:36:13 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h7I2a84b010963 for asrg-archive@odin.ietf.org; Sun, 17 Aug 2003 22:36:08 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19oZsO-0002qk-EL for asrg-web-archive@optimus.ietf.org; Sun, 17 Aug 2003 22:36:08 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA26410; Sun, 17 Aug 2003 22:36:01 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19oZsK-0004Eh-00; Sun, 17 Aug 2003 22:36:05 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19oZsK-0004EZ-00; Sun, 17 Aug 2003 22:36:04 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19oZrJ-0002gm-Vz; Sun, 17 Aug 2003 22:35:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19oZr8-0002gA-6I for asrg@optimus.ietf.org; Sun, 17 Aug 2003 22:34:50 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA26376 for <asrg@ietf.org>; Sun, 17 Aug 2003 22:34:43 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19oZr4-0004Dm-00 for asrg@ietf.org; Sun, 17 Aug 2003 22:34:46 -0400
Received: from [68.27.232.147] (helo=68.27.232.147 ident=trilluser) by ietf-mx with smtp (Exim 4.12) id 19oZr0-0004Db-00 for asrg@ietf.org; Sun, 17 Aug 2003 22:34:44 -0400
Message-Id: <6.0.0.14.0.20030817223412.0271a9b8@solidmatrix.com>
X-Sender: research@solidmatrix.com
X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.14 (Beta)
To: Eric Dean <eric@purespeed.com>, Andrew Akehurst <A.D.Akehurst-99@student.lboro.ac.uk>, asrg@ietf.org
From: Yakov Shafranovich <research@solidmatrix.com>
Subject: RE: [Asrg] 6. Proposals - Challenge/response - CRI
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-MimeHeaders-Plugin-Info: v2.03.00
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Sun, 17 Aug 2003 22:34:13 -0400

At 04:40 PM 8/15/2003, Eric Dean wrote:
>.............
> > My other "first reaction" to the proposal is that the SMTP idea is
> > interesting although the use of a 4xx temporary failure code for a
> > challenge will of course result in non-compliant sender MTAs
> > retrying and repeatedly failing. Of course in the end they'll
> > give up and then will the sender's original message bounce back?
>
>I'll let Yakov reply

[Sorry guys for the delay, but with the blackout my company's mail servers 
went offline and I missed the message.]

The CRI proposal itself proposes the use of SMTP in addition to MIME 
headers in order to facilitate easier interoperability between two systems 
that already support CRI. By using the SMTP extension, the receiver's 
system can forgo the expense of storing the email while the verification 
process takes place - instead that burden remains on the sender's system.

However, I am assuming that you are referring to "GreyListing" 
(http://projects.puremagic.com/greylisting/) which rejects the email with a 
temporary code. While GreyListing rejects email from specific 
IP/sender/recipient combinations, in C/R systems that would take place for 
any non-whitelisted message. This is in fact what Peter Key's TitanKey 
system does, although it rejects the message with a 5xx code.

A normal Internet email system will keep on retrying to send the message 
depending on settings set by administrator for quite some time (I have seen 
email systems that go on for over seven days). In the end they will fail 
and bounce the message to the sender. However, in that case the sender has 
an option to resend the message once he replied to the challenge. In that 
case, his email will go through.

NOTE: Keep in mind that the ESMTP extension in the CRI proposal only 
applies to two systems that both supports CRI. If one of the parties does 
not support CRI, then everything falls back on MIME headers.

> > I'm interested here in the interoperability issues between MTAs
> > which support CRI and those which don't. Some more discussion in
> > that area would be helpful.
>
>Well..the MIME headers should be transparent...then you still have to write
>a clear email message explaining what to do.

One of the things mentioned in the CRI proposals is the possible use of 
DSNs. DSNs have a human-readable message as well for system that are 
non-compliant. In CRI enabled systems, the human readable part will contain 
response directions for non-compliant systems. The machine-readable part 
will contain CRI headers for systems that support CRI.

Yakov  


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email