[Asrg] 6. Proposals - C/R and "callbacks"
Yakov Shafranovich <research@solidmatrix.com> Tue, 23 December 2003 21:09 UTC
Received: from optimus.ietf.org ([132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA10387 for <asrg-archive@odin.ietf.org>; Tue, 23 Dec 2003 16:09:44 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AYtmG-0001Eo-3y for asrg-archive@odin.ietf.org; Tue, 23 Dec 2003 16:09:16 -0500
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id hBNL9GdG004755 for asrg-archive@odin.ietf.org; Tue, 23 Dec 2003 16:09:16 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AYtmF-0001Ec-Vw for asrg-web-archive@optimus.ietf.org; Tue, 23 Dec 2003 16:09:16 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA10331 for <asrg-web-archive@ietf.org>; Tue, 23 Dec 2003 16:09:13 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AYtmE-00041E-00 for asrg-web-archive@ietf.org; Tue, 23 Dec 2003 16:09:14 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AYtjJ-0003Ty-00 for asrg-web-archive@ietf.org; Tue, 23 Dec 2003 16:06:14 -0500
Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1AYtgn-000333-00 for asrg-web-archive@ietf.org; Tue, 23 Dec 2003 16:03:38 -0500
Received: from optimus22.ietf.org ([132.151.6.22] helo=optimus.ietf.org) by mx2.foretec.com with esmtp (Exim 4.24) id 1AYtgf-00020x-VI for asrg-web-archive@ietf.org; Tue, 23 Dec 2003 16:03:34 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AYtgC-0000lK-Kd; Tue, 23 Dec 2003 16:03:00 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AYtHe-0008Hs-61 for asrg@optimus.ietf.org; Tue, 23 Dec 2003 15:37:38 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA08365 for <asrg@ietf.org>; Tue, 23 Dec 2003 15:37:35 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AYtHZ-0001vl-00 for asrg@ietf.org; Tue, 23 Dec 2003 15:37:33 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AYtFd-0001q0-00 for asrg@ietf.org; Tue, 23 Dec 2003 15:35:33 -0500
Received: from smtp.sprintpcs.com ([63.167.114.16] helo=dedicated59-bos.wh.sprintip.net) by ietf-mx with esmtp (Exim 4.12) id 1AYtDi-0001kL-00 for asrg@ietf.org; Tue, 23 Dec 2003 15:33:34 -0500
Received: from solidmatrix.com (000-389-495.area3.spcsdns.net [68.29.235.141]) by dedicated59-bos.wh.sprintip.net (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003)) with ESMTPA id <0HQD00CIR7QWUE@dedicated59-bos.wh.sprintip.net> for asrg@ietf.org; Tue, 23 Dec 2003 20:33:05 +0000 (GMT)
From: Yakov Shafranovich <research@solidmatrix.com>
In-reply-to: <5.1.0.14.2.20031222190343.00b9db48@localhost>
To: Tony Toews <ttoews@mvps.org>
Cc: asrg@ietf.org
Message-id: <3FE8A67B.4030205@solidmatrix.com>
Organization: SolidMatrix Technologies, Inc.
MIME-version: 1.0
Content-type: text/plain; charset="us-ascii"; format="flowed"
Content-transfer-encoding: 7bit
X-Accept-Language: en-us, en, he, ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007
X-Enigmail-Version: 0.82.2.0
X-Enigmail-Supports: pgp-inline, pgp-mime
References: <5.1.0.14.2.20031222190343.00b9db48@localhost>
Content-Transfer-Encoding: 7bit
Subject: [Asrg] 6. Proposals - C/R and "callbacks"
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Tue, 23 Dec 2003 15:32:59 -0500
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.1 required=5.0 tests=AWL autolearn=no version=2.60
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
[Subject changed, was "Re: [Asrg] Re: [1] Why SPAM is worse in SMTP than in other protocols". Mod.] Tony Toews wrote: > At 08:18 PM 2003/12/22 -0500, you wrote: > >> The LMAP discussion document (based on Hadmut's comments in RMX), >> says that the single hop use of SMTP is a large part of the reason why >> spam is so wide-spread. There are 100's of millions of senders, each >> sending to only 100's of thousands of recipient MTA's. >> >> > How is this behavior helpful to stopping spam? >> >> If that imbalance in the network was addressed, spam would become >> significantly more manageable. It wouldn't stop entirely, but having >> a blacklist of 100K MTA's is signficantly easier than having >> blacklists of millions of IP's. > .. > From my very simplistic view of the email systems it seems to me that > the msgid id could be part of the verification mechanism. The > originating MTA stamps the outgoing email with a unique message id. > Once the header portion of the email is received then the recipient MTA > does a name lookup on the originating MTA and verifies that the > originating MTA sent that msgid. Once the receipient MTA finishes > accepting the email the originating MTA then never uses that msgid again. ... This approach is outlined by William Elan (he calls it "callback"): http://www.elan.net/~william/asrg-emailpathverification-presentation.pdf This is also mentioned in the CRI proposal (level 2): http://www.ietf.org/internet-drafts/draft-irtf-asrg-cri-00.txt This basic argument against this is that it is very resource intensive, with a lot of extra costs such as more powerful servers that can handle callbacks, more bandwidth, and extra disk space to store IDs. There are also DOS issues: someone forging a domain can cause the forged domain to go under with too many callbacks. There are privacy issues as well, and possible replay attacks. However, the bottom line here, is that why go through the trouble of checking every single message. Granted that it increases costs, nevertheless if we can significantly reduce the problem through verification of MTAs as opposed to senders and messages, why go through the extra costs of message verification. This proposal is on the table, but we will pursue it only if a significant advantage vs. costs can be proven for this way of doing things, over others requiring less costs. Yakov ------- Yakov Shafranovich / asrg <at> shaftek.org SolidMatrix Technologies, Inc. / research <at> solidmatrix.com "Some lies are easier to believe than the truth" (Dune) ------- _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] [1] Why SPAM is worse in SMTP than in othe… Alan DeKok
- [Asrg] 1. Inventory of Problems - SMTP Yakov Shafranovich
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Dave Crocker
- Re: [Asrg] 1. Inventory of Problems - SMTP Markus Stumpf
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Yakov Shafranovich
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … mathew
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … J C Lawrence
- Re: [Asrg] 1. Inventory of Problems - SMTP Jon Kyme
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Dave Crocker
- Re: [Asrg] 1. Inventory of Problems - SMTP Markus Stumpf
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Alan DeKok
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Alan DeKok
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Yakov Shafranovich
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Yakov Shafranovich
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … ipeter@bigpond.net.au
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Alan DeKok
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Za'mbori, Zolta'n
- Re: [Asrg] 1. Inventory of Problems - SMTP Yakov Shafranovich
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Alan DeKok
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Za'mbori, Zolta'n
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Alan DeKok
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Markus Stumpf
- Re: [Asrg] 1. Inventory of Problems - SMTP Dave Crocker
- Re: [Asrg] 1. Inventory of Problems - SMTP Yakov Shafranovich
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Za'mbori, Zolta'n
- Re: [Asrg] 1. Inventory of Problems - SMTP Alan DeKok
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Alan DeKok
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Alan DeKok
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Yakov Shafranovich
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Za'mbori, Zolta'n
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Markus Stumpf
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Za'mbori, Zolta'n
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Yakov Shafranovich
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Jon Kyme
- [Asrg] Re: [1] Why SPAM is worse in SMTP than in … Za'mbori, Zolta'n
- [Asrg] Re: [1] Why SPAM is worse in SMTP than in … Jon Kyme
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Alan DeKok
- Re: [Asrg] Re: [1] Why SPAM is worse in SMTP than… Alan DeKok
- Re: [Asrg] Re: [1] Why SPAM is worse in SMTP than… Yakov Shafranovich
- Re: [Asrg] Re: [1] Why SPAM is worse in SMTP than… Troy Rollo
- Re: [Asrg] Re: [1] Why SPAM is worse in SMTP than… Alan DeKok
- Re: [Asrg] Re: [1] Why SPAM is worse in SMTP than… Alan DeKok
- Re: [Asrg] Re: [1] Why SPAM is worse in SMTP than… Yakov Shafranovich
- Re: [Asrg] Re: [1] Why SPAM is worse in SMTP than… Yakov Shafranovich
- [Asrg] [2] Spam Statistics Eric Dean
- Re: [Asrg] Re: [1] Why SPAM is worse in SMTP than… Tony Toews
- Re: [Asrg] Re: [1] Why SPAM is worse in SMTP than… John R. Levine
- Re: [Asrg] Re: [1] Why SPAM is worse in SMTP than… Jon Kyme
- Re: [Asrg] Re: [1] Why SPAM is worse in SMTP than… Jon Kyme
- Re: [Asrg] [1] Why SPAM is worse in SMTP than in … Za'mbori, Zolta'n
- [Asrg] Re: Why SPAM is worse in SMTP than in othe… John R. Levine
- Re: [Asrg] Re: Why SPAM is worse in SMTP than in … Alan DeKok
- [Asrg] Re: Why SPAM is worse in SMTP than in othe… Jon Kyme
- Re: [Asrg] Re: Why SPAM is worse in SMTP than in … John R. Levine
- Re: [Asrg] Re: Why SPAM is worse in SMTP than in … Philip Miller
- [Asrg] 1. Inventory of Problems - Email vs. IM Yakov Shafranovich
- [Asrg] 6. Proposals - C/R and "callbacks" Yakov Shafranovich
- [Asrg] 1. Inventory of Problems - Costs of email Yakov Shafranovich
- Forgery in SMTP (was [Asrg] [1] Why SPAM is worse… Philip Miller
- Re: [Asrg] Re: Why SPAM is worse in SMTP than in … David Maxwell
- Re: [Asrg] Re: Why SPAM is worse in SMTP than in … David Maxwell
- Re: Forgery in SMTP (was [Asrg] [1] Why SPAM is w… Alan DeKok
- Re: Forgery in SMTP (was [Asrg] [1] Why SPAM is w… Walter Dnes
- [Asrg] Re: 03.1 Re: Forgery in SMTP (applying fla… Matthew Elvey
- Re: [Asrg] Re: 03.1 Re: Forgery in SMTP (applying… Walter Dnes
- Re: [Asrg] Re: 03.1 Re: Forgery in SMTP (applying… Alan DeKok
- [Asrg] 6, Proposals - SMTP Envelope Verification … Yakov Shafranovich
- Re: [Asrg] Re: Why SPAM is worse in SMTP than in … irtf-chair
- Re: [Asrg] Re: Why SPAM is worse in SMTP than in … Philip Miller
- Re: [Asrg] Re: Why SPAM is worse in SMTP than in … Vern Paxson
- Re: [Asrg] Re: Why SPAM is worse in SMTP than in … Jon Kyme
- Re: [Asrg] Re: Why SPAM is worse in SMTP than in … Jon Kyme
- Re: [Asrg] Re: Why SPAM is worse in SMTP than in … Vern Paxson
- Re: [Asrg] Re: Why SPAM is worse in SMTP than in … Jon Kyme
- Re: [Asrg] Re: Why SPAM is worse in SMTP than in … Vern Paxson
- RE: [Asrg] Re: Why SPAM is worse in SMTP than in … Denny Figuerres
- Re: [Asrg] Re: [1] Why SPAM is worse in SMTP than… Markus Stumpf