making mail traceable (was Re: Received header Considered Pathetic)
2004-01-16 09:47:07
The "Received" header is woefully inadequate for spam tracing
True. Then again, so is the rest of the message format and mail
transport.
If we really want to make mail traceable, we need to do a bit more than
fix Received. As I see it, we need:
- A message hash function that is invariant across the various kinds of
munging that happens in mail transport, but still good enough for
non-repudiation (though it probably won't be good enough to serve as a
general-purpose signature)
- An originator-id separate from From, MAIL FROM/Return-Path, Reply-To
or Sender that uniquely distinguishes the originator of the message
from other message originators. it doesn't have to actually expose the
originator's name, email address, account name, etc. - it could be a
nonce as long as the originating ISP or organization could trace it to
the actual originator within a reasonable time.
- A new header field which associates the message hash, originator-id,
timestamp, and originating ISP or organization, which is signed by that
originating ISP or organization, and which is easily verifiable by
recipients or MTAs
- A way to ensure that messages get tagged with originator-id when they
are injected into the mail systems (e.g. ISPs blocking port 25 and/or
MTAs refusing to accept incoming mail without originator-ids or with
unverifiable originator-ids)
- If you really wanted to, you could augment Received or add a new
trace field that recomputed the hash at each hop (to show if and where
the message was corrupted in transport)
This would give you a way to associate each message with an identifier
for the originator, issued by the originator's ISP or organization.
Then you'd need some way to ask that ISP or organization "is the guy
who sent this message trustworthy?" And they could say "as far as we
know, he doesn't have many abuse reports and he's been with us for
years" or "he just signed up yesterday" or "this is a trial account, we
have no billing information for him" or "we've had several hundred
abuse reports in the last 3 hours". And the receiving MTA or recipient
could delay, filter, or bounce the message accordingly. Of course,
some ISPs would lie, and some would not support the verification
protocol. But they'd get reputations for those decisions, and they'd
be marginalized.
But do we really want traceability? Or to put it another way, do we
really want to put hooks in the mail system that make mass surveillance
(by governments, or perhaps even by large companies or unscrupulous
ISPs) that much easier?
Keith
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: Revisiting RFC 2822 grammar (quoted-pair), (continued)
- Re: Revisiting RFC 2822 grammar (obs-time-of-day), Bruce Lilly
- Re: Revisiting RFC 2822 grammar, Arnt Gulbrandsen
- Re: Revisiting RFC 2822 grammar (scratching the surface of Received issues), Bruce Lilly
- Received header Considered Pathetic (was Re: Revisiting RFC 2822 grammar (scratching the surface of Received issues)), Nathaniel Borenstein
- making mail traceable (was Re: Received header Considered Pathetic),
Keith Moore <=
- Re: making mail traceable, James M Galvin
- Re: making mail traceable, Dave Crocker
- Re: making mail traceable, James M Galvin
- Re: making mail traceable, Al Costanzo
- Re: making mail traceable, Keith Moore
- Re: making mail traceable, James M Galvin
- Re: making mail traceable, Al Costanzo
- Re: making mail traceable, Keith Moore
- Re: making mail traceable, James M Galvin
- Re: making mail traceable, Keith Moore
|
|
|