
[Asrg] Single-User Addresses (a bit piece of a solution)

2003-03-03 11:49:31
Filtering by target email address - i.e. some 
add ietf+email or whois+email, etc. and use 
that to further differentiate how the filter may do the work
        The method of inserting a "digital signature" or other
distinguishing mark into an address is an effective way of creating a
"single user" email address that can be used to limit the utility of
email addresses to any other than authorized users. Creating "single
user" addresses gets around the problem we have today with addresses
which are equally useful to anyone who can discover them.
        In the most basic approach, you take a "Base" address, say:
"bob(_at_)example(_dot_)com" and then add to it a sender dependent part which
creates an address whose utility is limited to a particular sender.
Thus, if I want to authorize "sally(_at_)foo(_dot_)com" to send mail to me, I might
generate a digital signature on the combination of sally's FROM address
and my own address that looks like "poiypoi/syK9798". I would then have
Sally use the address "bob+poiypoi/syK9798(_at_)example(_dot_)com" when sending
mail to me. My mail server or client can then inspect incoming mail and
check to see whether or not messages to me use "authorized" addresses.
If an address isn't properly authenticated (either because it doesn't
contain a signature or because the signature is incorrect), then my
software would be able to flag the message as one that is not
authorized. 
        By using such a system, you can significantly reduce the value
of a "stolen" email address since mail that doesn't have a proper
signature in the "TO" address would be either deleted or shunted into a
"possible junk mail" folder. The system has the nice feature of allowing
both "authenticated" and "unauthenticated" senders. Your "base" address
(i.e. the address with no "+" part) would be generally used by anyone
who is contacting you for the first time or who does not have an
established relationship with you. Such mails are "suspect" and would be
filed into an appropriate in-box. However, people who have a
relationship get a personal "single user" address for you that allows
them to send directly to your "trusted" email inbox. Messages with bad
authentication (i.e. wrong signatures) could be filed in a third inbox. 
        The system would rely, to a certain extent, on FROM addresses
not being forged and thus mechanisms to increase our ability to trust a
FROM address would make it stronger. However, the system is still useful
even in light of forged FROM addresses since a spammer, in order to gain
access to the "trusted" inbox, would need to know both a "single-user"
email address as well as the FROM address that goes with it. Obtaining
this pair of data is much more difficult than what is needed today --
today, you only need to have one piece of info: A valid email address.
Also, it should be noted that if one detects that a spammer *has*
obtained the pair and is sending forged messages, you now know from whom
the address was "stolen" which is very useful data. Also, you can simply
issue a new "single user" address to your correspondent (after getting
them to promise that they will take better care of their address book in
the future) and then use a "black list" to filter out messages sent
using the old authentication code.
        Adding the authentication code to TO addresses is something
which is supported today by any email system that supports the "+"
convention (i.e. text between the "+" and the "@" is ignored by the
server). Thus, sendmail servers, many IMAP servers, Verisign's mail
system, Earthlink, etc. have no problem properly handling email that
contains authentication codes and thus have "latent support" for
single-user addresses today. However, it is the case that not all
systems handle this stuff. For instance, Hotmail and a variety of other
mail providers don't... But, that could be fixed.
        This solution provides authorization of senders with fine
granularity, allows unanticipated senders to get messages to you, and
permits the "revocation" of sending rights when addresses are found to
have been compromised. Also, this method still leaves plenty of room for
folk who want to work with "spam filters" since filters can be usefully
employed as a secondary filter on messages that have been accepted into
"junk mail" folders. (You might have a spam filter that focuses on
classifying "junk mail" into "really junk" in a Red folder and "not sure
if it is junk" in a Grey folder, but tell your filters not to touch
messages which have been received with trusted, single-user addresses.)

                bob wyman

Note: I believe that Intel/Xircom and others have patents that cover
some applications of this technology.
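As an added illustration of the scheme described in the post above (example code, not the author's), the following Python sketch derives the sender-specific "+" code from the (sender FROM, recipient base address) pair and sorts incoming mail into the trusted, suspect and bad inboxes, including the "black list" of revoked codes. It substitutes a keyed MAC (HMAC-SHA256) for the post's "digital signature"; the key, tag length and addresses are constructed assumptions.

```python
import base64
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

# Assumed: a per-recipient secret key with a keyed MAC stands in for the
# post's "digital signature". Constructed demo values, not from the post.
SECRET_KEY = b"constructed-demo-key-change-me"
BASE_LOCAL, DOMAIN = "bob", "example.com"
TAG_LEN = 12  # characters of the encoded MAC kept in the "+" part


def make_tag(sender: str, key: bytes = SECRET_KEY) -> str:
    """Derive the sender-specific code from (sender FROM, recipient base address)."""
    data = f"{sender.lower()}|{BASE_LOCAL}@{DOMAIN}".encode()
    digest = hmac.new(key, data, hashlib.sha256).digest()
    # URL-safe base64 uses only characters legal in an address local part.
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")[:TAG_LEN]


def single_user_address(sender: str) -> str:
    """The address handed to one correspondent, e.g. bob+<tag>@example.com."""
    return f"{BASE_LOCAL}+{make_tag(sender)}@{DOMAIN}"


def classify(raw_message: str, revoked: frozenset = frozenset()) -> str:
    """Sort an incoming message into 'trusted', 'suspect' or 'bad'."""
    msg = message_from_string(raw_message)
    _, sender = parseaddr(msg.get("From", ""))
    _, recipient = parseaddr(msg.get("To", ""))
    local, _, domain = recipient.rpartition("@")
    if domain.lower() != DOMAIN:
        return "bad"
    base, plus, tag = local.partition("+")
    if base.lower() != BASE_LOCAL:
        return "bad"
    if not plus:
        return "suspect"      # plain base address: first contact, unauthenticated
    if not tag.isascii() or tag in revoked:
        return "bad"          # malformed, or an old code on the "black list"
    # Recomputing from the FROM means a stolen tag with a forged FROM fails.
    if hmac.compare_digest(tag, make_tag(sender)):
        return "trusted"
    return "bad"              # wrong signature for this sender/recipient pair
```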
