ietf-asrg

Re: [Asrg] 6. Proposals - Sender Authentication - DNS + PKI

2003-11-22 20:21:42
Yakov Shafranovich wrote:
 From the following article:

http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=16400308

-------------------------
"One organization working on sender-authentication mechanism is a commercial alliance comprising the biggest consumer e-mail providers: Microsoft, Yahoo, America Online and Earthlink."

"Under the proposal, ISPs and any other organization with their own domain name system (DNS) would use a private key in their mail servers to place an encrypted code in the header of each piece of outgoing mail. When the mail arrived at its destination, the receiving mail server would get the sender's public key from its DNS server to decrypt the header, thus verifying the message's origin.

If the message is spam, or even a legitimate marketing message the receiver doesn't want, then email from that DNS can be blacklisted, or automatically blocked. "Once you have identity, then you can establish reputation and trust," Libbey said. "Those are really important concepts in e-mail."

Yahoo has done some proof-of-concept testing of the idea internally, but the technology is still at the early stages of development and no timetable for general release has been set."
-------------------------

The quoted description sounds like an end-to-end implementation of a
designated outgoing MTA protocol. This actually sounds better, on first
impressions, than the current LMAP ideas, for three big reasons. First, this
would be easier for senders to implement, because it doesn't require listing
every MTA in DNS and it keeps configuration of a new MTA confined to that
machine (all that has to be done is loading the private key). Second, it
would require much less change to DNS, because only a single new record
would be needed for each domain, rather than one for each server sending for
that domain. Third, it would eliminate the issues of forwarding (.forward,
aliases), because it checks the message originator in all circumstances.
Indeed, it could allow for more trustworthy forwarding if the intermediate
MTA were also checked.

Now, my concerns: why have they not published a technical proposal for this
yet? If there's anyone from the members of this alliance on this list, could
they please step forward? Much more would be achieved by doing this
publicly, and we've seen time and again that the IETF process works pretty
damn well at working out problems before they become standards.
Also, the comment about organizations with their own DNS doesn't sit well
with me. From the rest of the description, it should be fine for anyone with
their own domain name and mail server, not their own DNS server as the quote
seems to imply.
Finally, the reporter's remark about blacklisting based on this is
senseless, because new domains are easy to obtain. This has already been
stated multiple times.

From a different part of the article:
"The ASRG is considering three major proposals, Reverse MX, Sender Permitted
From and Designated Sender Protocol, John R. Levine, co-chair of the
organization said.
"They're basically all variations on the same theme, which is the attempt to
identify mail that's not coming from where it should," Levine said."

Perhaps Alan DeKok would be more qualified to comment on this, but this
statement is not really accurate in light of the work on a combined LMAP draft.

--
Philip Miller
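
Added example, not part of the original message or of the alliance's unpublished proposal: a sketch of the check the quoted article describes, where the sending MTA signs with the domain's private key and the receiver fetches the public key by sender domain. The Ed25519 algorithm, the Sig field, the canonical form and the in-memory dnsTXT map standing in for DNS are all assumptions, since the article names no algorithm or record format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

var dnsTXT = map[string]string{} // stand-in for DNS: one key record per domain (constructed)

// Message is a simplified mail message; Sig models a hypothetical signature header.
type Message struct{ From, Subject, Body, Sig string }

// canonical builds the bytes covered by the signature: sender, subject, body hash.
func canonical(m Message) []byte {
	return []byte(fmt.Sprintf("from:%s\nsubject:%s\nbh:%x",
		strings.ToLower(m.From), m.Subject, sha256.Sum256([]byte(m.Body))))
}

// PublishKey creates a domain key pair and publishes the public half in "DNS".
func PublishKey(domain string) ed25519.PrivateKey {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	dnsTXT[domain] = base64.StdEncoding.EncodeToString(pub)
	return priv
}

// Sign is the outgoing MTA's step: only the private key is needed on that machine.
func Sign(m Message, priv ed25519.PrivateKey) Message {
	m.Sig = base64.StdEncoding.EncodeToString(ed25519.Sign(priv, canonical(m)))
	return m
}

// Verify is the receiver's step: key lookup by From domain, never by connecting IP.
func Verify(m Message) bool {
	domain := strings.ToLower(m.From[strings.LastIndex(m.From, "@")+1:])
	pub, err1 := base64.StdEncoding.DecodeString(dnsTXT[domain])
	sig, err2 := base64.StdEncoding.DecodeString(m.Sig)
	if err1 != nil || err2 != nil || len(pub) != ed25519.PublicKeySize {
		return false // no record, malformed record, or malformed signature
	}
	return ed25519.Verify(pub, canonical(m), sig)
}

func main() {
	m := Sign(Message{"alice@example.org", "hi", "hello", ""}, PublishKey("example.org"))
	fmt.Println("verified:", Verify(m))
}
```

Because Verify never looks at the relaying host, a message passed through a forwarder unchanged still verifies. A newly registered domain that publishes its own key verifies as well, so a passing check establishes origin only, not reputation.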



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg