Since DNS is public and queryable in order to ensure routing, we feel
that everything will ultimately fall at the message level. Even
authorized "users" on a box are the old "Mail From" test which is
spoofable and constantly accessed by dictionary attacks.

Moreover, although people don't really think of IP spoofing as a
concern due to its unroutable nature in two way conversations, our
tests have shown that Spammers are increasingly taking advantage of
this on a one way "Broadcast" stream to drop emails with the proper
IP's (especially in a private relay system with NAT'ing). In essence
they've adapted to the "RMX" test. As such, more IP's within the DNS
structure are simply more "roadmaps" for spammers to violate systems.

We don't want to go too deep into our Patent claims, but as soon as a
method goes beyond the typical domain and IP tests and verifies
whether or not an email originated from the system it says it is
coming from, is where we may have conflicts.

As an aside, Message Level does currently incorporate an "authorized
sender" component for distributed systems to send authorized email
without having to make their separate systems public. Thereby, taking
care of the relay and forward problems inherent within DNS tests.

We'd love to show you our prototypes.
From: Matthew Elvey [mailto:matthew(_at_)elvey(_dot_)com]
Sent: Saturday, June 19, 2004 4:49 PM
To: Bill Mcinnis
Subject: Factored lookup - ML patent claim issue.
On 6/18/04 1:40 PM, Bill Mcinnis sent forth electrons to convey:
Simplistically speaking, since domains/networks know how they are
configured, why not have a mechanism that can sit on their domain and verify
to those asking if a message came from their domain or network rather than
trying to explain their whole setup to everyone? Likewise for those receiving
the message have a mechanism that does the same thing in reverse. (for full
disclosure this process is also something we have patent claims and working
code on) That way you don't have to list all of your users, ips, basically
diagram your whole network setup to everyone.
Does ML have patent claims on the factored approach for checking if a
domain has said an IP is in an authorized-to-mail part of its network?
I.E. DMP's $REV-ADDRESS-1.in-addr._smtp-client.$FQDN ? (Adopted by FSV.)
Stuff on factored being a good/bad idea:
"tradeoff: Block vs factored. Block records require more parsing, but
subsequent lookups suffer zero marginal DNS cost. Factored records need
less parsing, but each new negative means a new DNS lookup."
The following section of draft-irtf-asrg-lmap-discussion-01.txt
4.2. Network Infrastructure
Publication of LMAP information results in a readily available list
of IP addresses of hosts authorized to send messages associated with
a domain. These lists yield information about the network structure,
business relationships, and possibly other information about the
domain owner, as growing number of domains are owned by single people
or families. Such lists may also provide hostile parties with a list
of targets for possible attacks.
However, such information is often already publicly accessible
through other means. Anyone communicating with individuals at a
domain may readily obtain this information, and share it with anyone
else. Business relationships have been discovered, for example,
prior to official public announcements, by examining DNS records.
Nearly all such private information about network structure and
relationships may therefore be described as already being readily
available. If such information is to be kept secret, it is the users
responsibility to send messages in such a way as to keep that
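
Added example (not part of the original message or of any draft it cites): the block-versus-factored tradeoff quoted above, counted in DNS queries, using the query-name form $REV-ADDRESS-1.in-addr._smtp-client.$FQDN. It assumes the reversed address means the client's IPv4 octets in reverse order, as under in-addr.arpa; the `_block.` record name, the zone contents and the "allow" answer are constructed for illustration, and the resolver is an in-memory stand-in for DNS.

```python
import ipaddress

def factored_qname(client_ip, domain):
    """Per-IP query name in the form quoted in the thread:
    $REV-ADDRESS-1.in-addr._smtp-client.$FQDN (IPv4; reversed octets assumed)."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    fqdn = domain.rstrip(".").lower()
    return ".".join(reversed(octets)) + ".in-addr._smtp-client." + fqdn

class CountingResolver:
    """In-memory stand-in for TXT lookups; counts queries that miss the cache."""
    def __init__(self, zone):
        self.zone, self.cache, self.queries = zone, {}, 0

    def txt(self, name):
        if name not in self.cache:  # negative answers are cached as None
            self.queries += 1
            self.cache[name] = self.zone.get(name)
        return self.cache[name]

def check_factored(resolver, client_ip, domain):
    # One query per distinct client IP; a missing record means "not authorized".
    return resolver.txt(factored_qname(client_ip, domain)) == "allow"

def check_block(resolver, client_ip, domain):
    # One query per domain, then the whole published list is parsed locally.
    record = resolver.txt("_block." + domain) or ""  # hypothetical record name
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in record.split())

# Constructed zone data: the block record exposes every range at once,
# the factored records answer only for the address that was asked about.
ZONE = {
    "_block.example.org": "192.0.2.0/28 198.51.100.25/32",
    "25.100.51.198.in-addr._smtp-client.example.org": "allow",
    "1.2.0.192.in-addr._smtp-client.example.org": "allow",
}
# Constructed connection log: two authorized senders, three unauthorized hosts.
CLIENTS = ["198.51.100.25", "203.0.113.7", "203.0.113.8", "203.0.113.9", "192.0.2.1"]

def compare(clients=CLIENTS, domain="example.org"):
    factored, block = CountingResolver(ZONE), CountingResolver(ZONE)
    f_results = [check_factored(factored, ip, domain) for ip in clients]
    b_results = [check_block(block, ip, domain) for ip in clients]
    return f_results, factored.queries, b_results, block.queries

if __name__ == "__main__":
    print(compare())
```

Both checks reach the same verdicts for the five constructed clients; the factored check spends one query per distinct address, including each negative, while the block check spends one query for the domain and discloses the full list in that single answer.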