Re: 6. Proposals - Sender Verification (was Re: [Asrg] Simple way to verify sender, track mail abusers)

Yakov Shafranovich <research@solidmatrix.com> Mon, 29 September 2003 06:15 UTC

From: Yakov Shafranovich <research@solidmatrix.com>
Subject: Re: 6. Proposals - Sender Verification (was Re: [Asrg] Simple way to verify sender, track mail abusers)
In-reply-to: <3F77B1A2.5030307@fireserve.net>
To: Dennis Gearon <gearond@fireserve.net>
Cc: david nicol <whatever@davidnicol.com>, asrg@ietf.org
Message-id: <3F77CCE4.3050704@solidmatrix.com>
Organization: SolidMatrix Technologies, Inc.
Date: Mon, 29 Sep 2003 02:10:44 -0400

Dennis Gearon wrote:
> david nicol wrote:
>> On Thu, 2003-09-25 at 19:32, Dennis Gearon wrote:
>>>>
>>> Yakov Shafranovich wrote:
>>>
>>>> Fourth, take a look at the CRI proposal:
>>>> http://www.ietf.org/internet-drafts/draft-irtf-asrg-cri-00.txt
>>>
>>> Actually, my idea, I believe, takes care of most of the problems with 
>>> the Level 2 CRI system. I will think about it for awhile.
>>
>>
>> When is CRI 01 due?  Who is maintaining it (I nominate Eric Dean)?
>> It has been pointed out that body hashing would make CRI level-2
>> work, and this was AIUI generally agreed-to.  Yet a revised CRI
>> document has not yet appeared.
>>  
>>
> I suggested both body and specific headers be hashed. And only 32 bytes 
> from the body to save processor time. Someone gave some good, valid 
> reasons why the CRI/hash idea has problems, but I think they would not 
> be too hard to overcome. Mostly, it was:
> 
>    A/ The need to keep records of what is sent.
>    B/ The additional changes to SMTP required
>        (Anyone really believe that SMTP will forever be extendible and 
> not have to be replaced someday?)
>    C/ Messages can't be stopped before they leave, only when they arrive.
> 
> Well, I am too tired and not well enough versed to comment on A and B. 
> However, regarding C, I think that the whole SPAM problem has to be solved 
> in a two part solution anyway:
>    A/ Develop a way to know who is sending what, and receivers can 
> decide to accept or not mail that is not certified to be from who it 
> says it is from.

Also take a look at:

http://www.elan.net/~william/asrg-emailpathverification-presentation.pdf

>    B/ Implement blocking on the send or receive sides, using lists, or 
> authority, or validation, etc.
> 

Take a look at:

http://www.solidmatrix.com/research/asrg/asrg-consent-framework.html

> My proposal, and CRI/hash in general only addresses A. I leave B to more 
> knowledgeable people.
> 
> 
> 
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg
> 
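
Added example, not part of the original message or of the CRI draft: a sketch of the hashing idea quoted above (selected headers plus the first 32 bytes of the body, with the sender keeping a record of what it sent), showing what a receiver can and cannot detect. The hash function (SHA-256), the header selection, the SenderLedger class and the in-process confirm() call standing in for the network query are all assumptions.

```python
import hashlib
from email import message_from_string

HASHED_HEADERS = ("from", "to", "date", "message-id")  # assumed header selection
BODY_PREFIX_LEN = 32                                   # "only 32 bytes from the body"

def fingerprint(raw: str) -> str:
    """SHA-256 (assumed) over the selected headers plus the first 32 body bytes."""
    msg = message_from_string(raw)
    h = hashlib.sha256()
    for name in HASHED_HEADERS:
        value = " ".join((msg.get(name) or "").split())  # unfold, normalise whitespace
        h.update(f"{name}:{value}\n".encode())
    body = msg.get_payload().replace("\r\n", "\n").encode()
    h.update(body[:BODY_PREFIX_LEN])
    return h.hexdigest()

class SenderLedger:
    """Sender-side record of what was sent (cost A in the quoted list)."""
    def __init__(self):
        self._sent = set()

    def record(self, raw: str) -> None:
        self._sent.add(fingerprint(raw))

    def confirm(self, digest: str) -> bool:
        return digest in self._sent

def receiver_accepts(raw: str, ledger: SenderLedger) -> bool:
    """Receiver recomputes the digest and asks the claimed sender to confirm it.
    The direct call stands in for the network query."""
    return ledger.confirm(fingerprint(raw))

# Constructed sample messages (not from the thread).
GENUINE = (
    "From: alice@example.org\nTo: bob@example.net\n"
    "Date: Mon, 29 Sep 2003 02:10:44 -0400\nMessage-ID: <1@example.org>\n\n"
    "Lunch on Tuesday at noon? Let me know.\nSee you then.\n"
)
# Same claimed sender, different message: never recorded by the sender.
FORGED = GENUINE.replace("<1@example.org>", "<2@example.org>").replace("Lunch", "Prize")
# Altered only after byte 32 of the body: the truncated hash cannot see it.
TAIL_EDITED = GENUINE.replace("See you then.", "Wire the fee first.")

LEDGER = SenderLedger()
LEDGER.record(GENUINE)
```

The forged message is rejected because the sender has no record of it, while the tail-edited one is still confirmed; hashing the whole body would catch that change at the processor cost the 32-byte limit was meant to avoid.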


