A Retrospective on Future Anti-Spam Standards
Internet Society of China
Beijing – September, 2004
Dave Crocker
Brandenburg InternetWorking
<http://brandenburg.com/current.html>


Page 2: Retrospective on the Future

• Spam is complex, confusing and emotional
• Imagine that time has passed
• What changes will be important?

Email
• Will it still be easy to reach everyone?
• Will it be cumbersome, with fragmented communities?

Spam
• Legitimate business will behave acceptably (mostly)
• Rogue (criminal) spammers will be worse than today

Page 3: Security Functions

| Term | Function |
| --- | --- |
| Identification | Who does this purport to be? |
| Authentication | Is it really them? |
| Authorization | What are they allowed to do? |
| Accreditation | What do I think of the agency giving them that permission? |

Page 4: What Will Be Standard?

Accountability (Author & Operator)
• Authentication
• Authorization
• Reputation

Filtering
• Format of rules

Reporting & monitoring
• Immediate problems
• Aggregate statistics

Enforcement (Contracts and laws are standards)
• Terminology
• Acceptable behavior

Page 5: Email Path(s) Today!

[Diagram: mail paths from MUA through MSA, chains of MTAs and peer MTAs, to MDA and MUA]

Mail Agents
• MUA = User
• MSA = Submission
• MTA = Transfer
• MDA = Delivery

Page 6: SPF and Sender-ID: Author Path Registration

[Diagram: mail path with oMUA, MSA, MTA1, MTA2, MTA3, MTA4, peer MTAs, MDA and rMUA]

Diagram labels:
• Assigns Sender & MailFrom
• Did MSA authorize MTA1 to send this message?
• Did MSA authorize MTA2 to send this message?
• Did MSA authorize MTA3 to send this message?

1. Authority and Accreditation of MSA and MSA domain administrators

2. MSA must pre-register and trust each MTA in path

Page 7: My Personal Favorites

• Validate content: DomainKeys. Public key signature of the message
• Validate operator: CSV. Operator validates MTA
• [Validate MailFrom]: [BATV]
• Reputation: CSA & DNA (CSV)
• Reporting: No candidates, yet
• Enforcement: We are still learning

Page 8: Client SMTP Validation: Assess Peer MTA

[Diagram: mail path through MUA, MSA, MTAs, a peer MTA, MDA and MUA]

• Does a domain's operator authorize this MTA to be sending email?

• Do independent accreditation services consider that domain's policies and practices sufficient for controlling email abuse?

Page 9: CSV Functions

| Term | Function |
| --- | --- |
| Identification | Client SMTP HELO domain name |
| Authentication | Domain name lists IP Address |
| Authorization | Name is authorized to be MTA |
| Accreditation | 1. Name may point to accreditors 2. Accreditors may list domains |
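
The contrast between the path-registration slide and the two CSV slides, as an added example that is not part of the presentation: a toy Python model in which a forwarded message fails the author-domain path check because the forwarder was never pre-registered, while the CSV-style check assesses only the peer MTA through its own operator. The record structure, domain names, addresses and accreditor are constructed assumptions and do not represent the CSV wire format.

```python
from dataclasses import dataclass, field

# All domains, addresses and records below are constructed for illustration.
# Path registration (SPF / Sender-ID slide): the author's domain lists every
# MTA address allowed to carry its mail.
AUTHOR_REGISTERED = {"author.example": {"192.0.2.10"}}  # only its own MTA1

@dataclass
class OperatorRecord:            # hypothetical stand-in for what an operator publishes
    addresses: set               # authentication: the name lists these IP addresses
    is_mta: bool                 # authorization: the name may act as an MTA
    accreditors: set = field(default_factory=set)

OPERATOR_RECORDS = {
    "mta1.author.example": OperatorRecord({"192.0.2.10"}, True, {"acc.example"}),
    "fwd.alumni.example": OperatorRecord({"198.51.100.7"}, True, {"acc.example"}),
    "desktop.alumni.example": OperatorRecord({"198.51.100.99"}, False),
}
TRUSTED_ACCREDITORS = {"acc.example"}   # accreditors this receiver believes

def path_registration_ok(mail_from_domain, peer_ip):
    """Did the author's domain register the MTA now handing over the message?"""
    return peer_ip in AUTHOR_REGISTERED.get(mail_from_domain, set())

def csv_check(helo_name, peer_ip):
    """Apply the four CSV functions to the peer MTA only."""
    rec = OPERATOR_RECORDS.get(helo_name)       # identification: HELO domain name
    if rec is None:
        return "unknown"
    if peer_ip not in rec.addresses:            # authentication
        return "fail-authentication"
    if not rec.is_mta:                          # authorization
        return "fail-authorization"
    if rec.accreditors & TRUSTED_ACCREDITORS:   # accreditation
        return "pass-accredited"
    return "pass-unaccredited"

def assess(hop):
    """Return (path-registration result, CSV result) for one SMTP hop."""
    return (path_registration_ok(hop["mail_from_domain"], hop["peer_ip"]),
            csv_check(hop["helo"], hop["peer_ip"]))

DIRECT = {"mail_from_domain": "author.example",
          "helo": "mta1.author.example", "peer_ip": "192.0.2.10"}
FORWARDED = {"mail_from_domain": "author.example",      # relayed by a forwarder
             "helo": "fwd.alumni.example", "peer_ip": "198.51.100.7"}
FORGED_HELO = {"mail_from_domain": "author.example",    # HELO name not backed by IP
               "helo": "mta1.author.example", "peer_ip": "203.0.113.5"}

if __name__ == "__main__":
    for name, hop in [("direct", DIRECT), ("forwarded", FORWARDED), ("forged", FORGED_HELO)]:
        print(name, assess(hop))
```

The forwarded hop is the case to look at: the receiver can still hold the forwarding operator accountable even though the author's domain never listed it.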

Page 10: How to Choose the Future

Look at each choice
• Who must adopt it?
• When?
• How much effort is needed to administer it?
• How much does it change email?

Xie Xie (Thank you)