Filtering returning bounces based on Message-ID requires
that the MX
keep a DB of known-valid IDs. This is a non-trivial expense.
No it does not.
Let the MUA choose a random value X, store it in a place that
is persistent.
Each time a MessageID is constructed the following algorithm
is used:
stem = date + serial + '@'
checksum = MAC (stem, X)
ID = stem + base32 (checksum)
We thus end up with an id that is guaranteed unique (to a much
higher degree of confidence than ordinary IDs, especially the
ones my behind 3 NATs MUA constructs). It also leaks a lot less
info than the recommended construction with the domain name
which these days looks to me like a privacy bug.
It also has the property that anyone who knows X can check that
the message ID was in fact generated by the client.
So basically simple rules for whitelisting could be something
like:
Accept if the reply-to has a message-ID you sent
Accept if one of the references has a message-ID you sent
otherwise filter through spamfilter
Bounces are a special case since it would be nice if we could
create a construction so that we could reject mail bounces
from malfunctioning MTAs that are bouncing to the original
author of a message on a mailing list.
If we combine with authentication we could automatically
white, better greylist by domain.
Score Message that is
100pts - a direct reply-to one you sent
80pts - a reference to one you sent
50pts - from someone you got a reply from in the past
30pts - same domain as someone you got a reply from
+40pts if IP address authentication
+60pts if Certificate authentication
[Can tune these via minimum least square optimization]
Another thing you can do with this is to automatically
file lists using the opt-in message reply-to.
So imagine this, you get an email of the opt-in variety,
you reply to it and when the mail comes from that list
it is automatically filled in a folder just for that
list.
This can be done quite easily if you can recognize an
opt-in challenge, easily done with a custom header. It
should not cause any intrusive GUI interaction since it
could be spam until responded to affirmatively.
From then on you filter on the basis of the List: headers.
phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg