I wanted to start this thread to discuss different methods of
authentication in email. All of these simply prove that the sender is
authentic increasing traceability and reducing forgery, they do not stop
spam by themselves. However, they force spammers into a corner, where
they can be dealt with easier.
It seems to me that we have the following (this will hopefully become a
draft):
1. Verifying that the sending IP address is a legit MTA.
PROBLEM: Spammers use hacked or virus infected machines to send spam.
SOLUTION: Allow the owner of the IP address to indicate that this
specific address cannot be used for sending email.
EXAMPLES: MTA Mark, centralized white lists for IP addresses (carrot and
stick), digital certificates,
ISSUES: Many users are not necessarily the real IP address owners.
Centralized systems have DDOS and power-grab issues. DNS-based solutions
have security issues.
SPAMMER WORKAROUNDS: Having a spammer friendly ISP, hacking DNS servers,
cache poisoning. Use a hacked computer that is legit.
2. Verifying that the sending IP address has permission to send email
for the domain that it used in HELO and MAIL FROM commands.
PROBLEM: Spammers tend to use return addresses of other valid domains in
order for their email to appear legitimate OR on purpose in order to
cause problems to the domain owner ("joe-job").
SOLUTION: Allow the owner of the domain, or a trusted third part to
specify which IP addresses are authorized to send email for that domain.
EXAMPLES: LMAP, DRIP, digital signatures and certificates, manual white
listing
ISSUES: Centralized systems have DDOS and power-grab issues. DNS-based
solutions have security issues.
SPAMMER WORKAROUNDS: Owning their own domains. Stealing someone else's
DNS, cache poisoning. Use a hacked computer that is legit.
3. Verifying that the sender's email address used in MAIL FROM is valid.
PROBLEM: Many times the spammers forge the originator's email address in
order to avoid bounces, to avoid detection, or for "joe-jobbing".
SOLUTION: Have the sender's MTA or the sender himself verify his
validity, use a centralized system for verification.
EXAMPLES: C/R and CRI, RCPT TO callback, digital signatures
ISSUES: Centralized systems have DDOS and power-grab issues. Existing
MTAs tend not to cooperate with callbacks. Users do not want to answer
C/R challenges. Anonymous email is killed.
SPAMMER WORKAROUNDS: Using someone else's valid email address, use their
own domains that answer "yes" to all callbacks and C/R challenges.
4. Verifying that the sender actually sent this specific email message.
PROBLEM: Many times the spammers forge the originator's email address in
order to avoid bounces, to avoid detection, or for "joe-jobbing".
SOLUTION: Have the sender's MTA or MUA verify that the sender actually
sent the message in question. Have the sender digital sign each message
or provide an e-postage token in each message, with verification via a
centralized system
EXAMPLES: CRI, MSG-TRACK, digital signatures, e-postage
ISSUES: Centralized systems have DDOS and power-grab issues. Existing
MTAs have no support for this ability. This increases traffic and opens
a possibility for DDOS attacks. Anonymous email is killed.
SPAMMER WORKAROUNDS: Operating their own email server, steal someone
else's account or falsely register in a centralized database. Use a
hacked computer that is legit.
5. Verifying that the sender is actually human and not a machine.
PROBLEM: The inherent issue with email is that it is generated by
machines which can pump out bulk email very fast.
SOLUTION: Force senders to verify their "humanity" every so often OR for
every message, or use a centralized system.
SOLUTIONS: C/R and CRI with Turing tests, digital signatures and e-postage
ISSUES: Centralized systems have DDOS and power-grab issues. Turing
tests do not work for disabled. This increases traffic and opens a
possibility for DDOS attacks. Anonymous email is killed. Users do not
like go through verification. Mailing lists have big problems.
SPAMMER WORKAROUNDS: Hire cheap humans (developed countries) or tricks
humans (free porn sites with Turing tests). Develop software to go
around Turing tests. Steal someone else's account or falsely register in
a centralized database.
6. Verifying that the sender is a legit human, and not a spammer.
PROBLEM: Even verifying that the sender is human does not mean he is not
a spammer.
SOLUTION: Use a reputation system or a centralized database.
SOLUTIONS: Digital signatures and certificates, "Internet license"
ISSUES: Centralized systems have DDOS and power-grab issues.
SPAMMER WORKAROUNDS: Steal someone else's account or falsely register in
a centralized database. Use a hacked computer.
Comments?
Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"And this too shall come to pass"
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg