IETF Logo Mail Archive

[spfbis] SPFbis WG scope

Douglas Otis <dotis@mail-abuse.org> Sat, 17 December 2011 03:52 UTC

Return-Path: <dotis@mail-abuse.org>
X-Original-To: spfbis@ietfa.amsl.com
Delivered-To: spfbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F105B11E808A for <spfbis@ietfa.amsl.com>; Fri, 16 Dec 2011 19:52:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.408
X-Spam-Level:
X-Spam-Status: No, score=-102.408 tagged_above=-999 required=5 tests=[AWL=0.191, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s9sraqytvpE2 for <spfbis@ietfa.amsl.com>; Fri, 16 Dec 2011 19:52:38 -0800 (PST)
Received: from mailserv.mail-abuse.org (mailserv.mail-abuse.org [150.70.98.118]) by ietfa.amsl.com (Postfix) with ESMTP id 7CAA711E8080 for <spfbis@ietf.org>; Fri, 16 Dec 2011 19:52:38 -0800 (PST)
Received: from US-DOUGO-MAC.local (sjdcluxgateway2.sdi.trendnet.org [10.31.37.9]) by mailserv.mail-abuse.org (Postfix) with ESMTPSA id 3F66B17401C7 for <spfbis@ietf.org>; Sat, 17 Dec 2011 03:52:37 +0000 (UTC)
Message-ID: <4EEC1204.2000707@mail-abuse.org>
Date: Fri, 16 Dec 2011 19:52:36 -0800
From: Douglas Otis <dotis@mail-abuse.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:8.0) Gecko/20111105 Thunderbird/8.0
MIME-Version: 1.0
To: SPFbis discussion list <spfbis@ietf.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [spfbis] SPFbis WG scope
X-BeenThere: spfbis@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SPFbis discussion list <spfbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spfbis>, <mailto:spfbis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spfbis>
List-Post: <mailto:spfbis@ietf.org>
List-Help: <mailto:spfbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spfbis>, <mailto:spfbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Dec 2011 03:52:39 -0000

Attempts to elevate SPF to a standards track document just as Carrier 
Grade or Large Scale NATs appear distracts from a greater need to 
provide scalable cryptographic validation for SMTP servers.  SPF 
provides little protection against spoofing since MAILFROM is not seen.  
Efforts to extend SPF to include PRA suffers from similar problems since 
malefactors can use unseen PRA header fields as well.

The macro expansion required for SPF processing risks DDoS threats with 
little justification.  For example, SPF evaluation may require 
subsequent transactions formed by email-address local-parts.  Since most 
spam campaigns already modify source address local-parts, any targeted 
attack against a domain (which may not be present within these messages) 
will not burden malefactor's DNS since SPF records referenced by the 
domain portion of the email address will have been cached.  This permits 
both spamming and DDoS to occur simultaneously that exploits SPF's 
burden placed upon recipient resources.  Use of "exists" macros is 
equally nonsensical.  Any message with an email address pointing to 
existing resource records as dictated by SPF macros reveals absolutely 
nothing about who sent the message!

The 10 mechanism macro limit must include subsequent transactions 
necessary to resolve authorized IP address lists.  Even this seemingly 
low limit can result in significant levels of network amplification 
oweing to processing burdens placed upon recipients.  While email 
providers are unlikely targets, and processing complex SPF macros are 
seldom logged, there would be few clues regarding this attack from a 
victims perspective.  Assumptions that a valid authorization confirms 
the action of a domain is also wrong.  Often these authorizations are 
essential to ensure delivery can be accomplished by various email providers.

Rather than expecting recipients to discern whether an entire sequence 
of email deliveries properly executed the "who's it" handshake and that 
no one is lying all depends upon the last provider in the sequence.  
Recipients should be allowed to either trust the last provider or not, 
where authentication of this last provider represents the only scalable 
solution.

http://tools.ietf.org/html/draft-kucherawy-dkim-atps-11 provides a 
"single" transaction method for DKIM signers to authorize all last in 
sequence providers.  There is no reason to muddle with the return path 
for DSNs since this will further lower email integrity.

-Doug

v2.23.0 | Report a Bug | By Email