ietf-asrg

[Asrg] Server banner tags

2003-03-16 21:10:26
A couple of years ago Paul Hoffman and I worked out a scheme of SMTP
banner tags that server owners could use to publish their spam policies.
Laws about bulk mail could then require that mailers obey the tags.

Every SMTP transaction starts with the server sending a banner like this:

220 some random text

RFC 2821 says nothing about the text other than that the total line length
including the CRLF at the end can't be longer than 512 characters.  Our
proposal defines some simple strings that a server puts in the banner to
specify both the policy and the location of the server so any clients can
tell what law applies.  For example:

220 MAIL.EXAMPLE.COM   NO UCE C=US L=CA

NO UCE means no unsolicited commercial email accepted, C=US L=CA specify
the country and state in X.500-ese.  Or it could say

220 MAIL.EXAMPLE.COM  NO UBE C=US L=NY

NO UBE means no unsolicited bulk mail, this time in New York.

That's it.  When sending mail through relays, the banner from the MX
server for the recipient's domain is the one that matters.  If a domain
has multiple MX servers, it's up to the domain's management to make the
banners consistent.

Mailers can either test the banners on the fly while sending mail, or they
can use a listwashing program that checks the banners for the domains in a
list.  We have both the draft proposal and some sample listwashing code
(not because we think it's a particularly good idea, but to show how easy
it is) at http://www.cauce.org/proposal/

Some people have suggested making the banner an ESMTP extension rather
than putting it in the initial tag.  We don't like that idea both because
there are still plenty of servers that don't do ESMTP and because it
requires more work from the server to display the tag, at least three
round trips rather than just one.

Some have asked what if mail goes through either an ISP's mail server or
stolen relays so the sender doesn't see the recipient's tag.  The answer
is tough luck, it's the sender's job to check the tag, either by using a
mailing service that checks tags or by listwashing.

The point of the tags is to strengthen the property rights approach to
mail management, that the server's owner gets to make the rules.  In
effect this is a global opt-out list, but one that scales in the number of
servers rather than the number of mailboxes and that distributes the
opt-out info rather than requiring a central registry.  We've had
considerable interest from state legislators in California and Ohio to
refer to this in state law, and I hope to plug it at the FTC spam fest
next month.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
"I dropped the toothpaste", said Tom, crestfallenly.
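
The banner check and listwashing step described in the message above, as an added example; it is not part of the original post and is not the sample code published at cauce.org. The tag grammar is inferred only from the two example banners in the message and matched case-sensitively, the function names and the rule that one refusing MX is enough to drop an address are assumptions, and the sample banners are constructed.

```python
import re

MAX_LINE = 512  # RFC 2821 greeting-line limit cited in the message, CRLF included
# Assumed grammar, inferred only from the two example banners in the message.
POLICY_RE = re.compile(r"\bNO\s+(UCE|UBE)\b")
ATTR_RE = re.compile(r"\b(C|L)=([A-Za-z]+)\b")

# Constructed sample data: domain -> greeting line from each of its MX servers.
SAMPLE_BANNERS = {
    "example.com": [b"220 MAIL.EXAMPLE.COM   NO UCE C=US L=CA\r\n",
                    b"220 MX2.EXAMPLE.COM ESMTP ready\r\n"],  # inconsistent MX
    "example.net": [b"220 MAIL.EXAMPLE.NET  NO UBE C=US L=NY\r\n"],
    "example.org": [b"220 mail.example.org ESMTP\r\n"],  # publishes no tags
}


def parse_banner(raw: bytes) -> dict:
    """Return the policy tags and location published in one greeting line."""
    if len(raw) > MAX_LINE or not raw.endswith(b"\r\n"):
        raise ValueError("greeting line too long or not CRLF-terminated")
    line = raw[:-2].decode("ascii", errors="replace")
    if not line.startswith("220 "):
        raise ValueError("not a single-line 220 greeting")
    text = line[4:]
    return {"refuses": set(POLICY_RE.findall(text)),
            "location": dict(ATTR_RE.findall(text))}


def wash(addresses, mx_banners, kind):
    """Split addresses into (keep, drop) for mail of kind 'UCE' or 'UBE'."""
    keep, drop = [], []
    for addr in addresses:
        domain = addr.rsplit("@", 1)[-1].lower()
        refused = False
        for raw in mx_banners.get(domain, []):
            try:
                # Assumption: one refusing MX is enough to drop the address.
                refused |= kind in parse_banner(raw)["refuses"]
            except ValueError:
                continue  # malformed greeting: treated as publishing no tag
        (drop if refused else keep).append(addr)
    return keep, drop


if __name__ == "__main__":
    recipients = ["a@example.com", "b@example.net", "c@example.org"]
    print(wash(recipients, SAMPLE_BANNERS, "UCE"))
    print(wash(recipients, SAMPLE_BANNERS, "UBE"))
```
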
