IETF Logo Mail Archive

[Asrg] 6. Proposals - C/R and "callbacks"

Yakov Shafranovich <research@solidmatrix.com> Tue, 23 December 2003 21:09 UTC

Received: from optimus.ietf.org ([132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA10387 for <asrg-archive@odin.ietf.org>; Tue, 23 Dec 2003 16:09:44 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AYtmG-0001Eo-3y for asrg-archive@odin.ietf.org; Tue, 23 Dec 2003 16:09:16 -0500
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id hBNL9GdG004755 for asrg-archive@odin.ietf.org; Tue, 23 Dec 2003 16:09:16 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AYtmF-0001Ec-Vw for asrg-web-archive@optimus.ietf.org; Tue, 23 Dec 2003 16:09:16 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA10331 for <asrg-web-archive@ietf.org>; Tue, 23 Dec 2003 16:09:13 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AYtmE-00041E-00 for asrg-web-archive@ietf.org; Tue, 23 Dec 2003 16:09:14 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AYtjJ-0003Ty-00 for asrg-web-archive@ietf.org; Tue, 23 Dec 2003 16:06:14 -0500
Received: from [65.246.255.50] (helo=mx2.foretec.com) by ietf-mx with esmtp (Exim 4.12) id 1AYtgn-000333-00 for asrg-web-archive@ietf.org; Tue, 23 Dec 2003 16:03:38 -0500
Received: from optimus22.ietf.org ([132.151.6.22] helo=optimus.ietf.org) by mx2.foretec.com with esmtp (Exim 4.24) id 1AYtgf-00020x-VI for asrg-web-archive@ietf.org; Tue, 23 Dec 2003 16:03:34 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AYtgC-0000lK-Kd; Tue, 23 Dec 2003 16:03:00 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AYtHe-0008Hs-61 for asrg@optimus.ietf.org; Tue, 23 Dec 2003 15:37:38 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA08365 for <asrg@ietf.org>; Tue, 23 Dec 2003 15:37:35 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AYtHZ-0001vl-00 for asrg@ietf.org; Tue, 23 Dec 2003 15:37:33 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AYtFd-0001q0-00 for asrg@ietf.org; Tue, 23 Dec 2003 15:35:33 -0500
Received: from smtp.sprintpcs.com ([63.167.114.16] helo=dedicated59-bos.wh.sprintip.net) by ietf-mx with esmtp (Exim 4.12) id 1AYtDi-0001kL-00 for asrg@ietf.org; Tue, 23 Dec 2003 15:33:34 -0500
Received: from solidmatrix.com (000-389-495.area3.spcsdns.net [68.29.235.141]) by dedicated59-bos.wh.sprintip.net (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003)) with ESMTPA id <0HQD00CIR7QWUE@dedicated59-bos.wh.sprintip.net> for asrg@ietf.org; Tue, 23 Dec 2003 20:33:05 +0000 (GMT)
From: Yakov Shafranovich <research@solidmatrix.com>
In-reply-to: <5.1.0.14.2.20031222190343.00b9db48@localhost>
To: Tony Toews <ttoews@mvps.org>
Cc: asrg@ietf.org
Message-id: <3FE8A67B.4030205@solidmatrix.com>
Organization: SolidMatrix Technologies, Inc.
MIME-version: 1.0
Content-type: text/plain; charset="us-ascii"; format="flowed"
Content-transfer-encoding: 7bit
X-Accept-Language: en-us, en, he, ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007
X-Enigmail-Version: 0.82.2.0
X-Enigmail-Supports: pgp-inline, pgp-mime
References: <5.1.0.14.2.20031222190343.00b9db48@localhost>
Content-Transfer-Encoding: 7bit
Subject: [Asrg] 6. Proposals - C/R and "callbacks"
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Tue, 23 Dec 2003 15:32:59 -0500
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.1 required=5.0 tests=AWL autolearn=no version=2.60
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

[Subject changed, was "Re: [Asrg] Re: [1] Why SPAM is worse in SMTP than 
in other  protocols". Mod.]

Tony Toews wrote:
> At 08:18 PM 2003/12/22 -0500, you wrote:
> 
>>   The LMAP discussion document (based on Hadmut's comments in RMX),
>> says that the single hop use of SMTP is a large part of the reason why
>> spam is so wide-spread.  There are 100's of millions of senders, each
>> sending to only 100's of thousands of recipient MTA's.
>>
>> > How is this behavior helpful to stopping spam?
>>
>>   If that imbalance in the network was addressed, spam would become
>> significantly more manageable.  It wouldn't stop entirely, but having
>> a blacklist of 100K MTA's is signficantly easier than having
>> blacklists of millions of IP's.
> 
..

>  From my very simplistic view of the email systems it seems to me that 
> the msgid id could be part of the verification mechanism.   The 
> originating MTA stamps the outgoing email with a unique message id.  
> Once the header portion of the email is received then the recipient MTA 
> does a name lookup on the originating MTA and verifies that the 
> originating MTA sent that msgid.  Once the receipient MTA finishes 
> accepting the email the originating MTA then never uses that msgid again.
...

This approach is outlined by William Elan (he calls it "callback"):

http://www.elan.net/~william/asrg-emailpathverification-presentation.pdf

This is also mentioned in the CRI proposal (level 2):

http://www.ietf.org/internet-drafts/draft-irtf-asrg-cri-00.txt

This basic argument against this is that it is very resource intensive, 
with a lot of extra costs such as more powerful servers that can handle 
callbacks, more bandwidth, and extra disk space to store IDs. There are 
also DOS issues: someone forging a domain can cause the forged domain to 
go under with too many callbacks. There are privacy issues as well, and 
possible replay attacks.

However, the bottom line here, is that why go through the trouble of 
checking every single message. Granted that it increases costs, 
nevertheless if we can significantly reduce the problem through 
verification of MTAs as opposed to senders and messages, why go through 
the extra costs of message verification. This proposal is on the table, 
but we will pursue it only if a significant advantage vs. costs can be 
proven for this way of doing things, over others requiring less costs.

Yakov

-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Some lies are easier to believe than the truth" (Dune)
-------


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email