ietf-asrg

Re: [Asrg] spf

2004-03-28 14:34:37

    http://nucleo.freeservers.com/mba/

This is actually not LMAP; what is proposed there is a simplistic type of 
message tracking. But the way it's described has 0 chance of being workable 
in real life when millions of emails are exchanged. DNS is simply not 
capable of being used for such purposes.

Whereas tracking has a number of positive implications and provides for 
a pretty good way to verify that some particular message did indeed come 
through such and such mail server, it does have its drawbacks in the necessity
for servers to maintain this information (which all of the MTAs already do 
in the logs in reality) and provide public access to it in real-time on 
the net (which itself does break the existing mail system since it's peer-peer 
and there is no guarantee that the recipient mail server is on the same 
network as the sender and that they could contact each other in real-time), 
and such a system could also be exploited for possible DoS attacks (although
that is true about standard email or DNS or many other protocols and is 
something that can be dealt with with careful engineering of the protocol 
and implementation programs). But in any case message tracking would need 
to be its own protocol or built in as part of MTA callback verification 
and not in any way done with DNS, which is not scalable for such a system.

Another way to do message tracking that does not require a separate running 
service to confirm the message data is to use cryptography. Several 
possibilities exist there, from signing the original message from the sender
end (PGP, S/MIME) to adding some type of cryptographically verifiable 
tracking information by MTAs, such as signing received header data or 
having MTAs compute some hash for the message and sign that (this is 
what Yahoo has proposed with DomainKeys - I'd love to see the details as 
this really looks like a good proposal which does not break existing 
infrastructure).

On Sun, 28 Mar 2004, Yakov Shafranovich wrote:

LMAP-related discussions for SPF and other proposals have moved to the 
MXCOMP list (http://www.imc.org/ietf-mxcomp/).

Yakov

Radu Hociung wrote:

Unfortunately,
 
A spammer can just as well set this up. This system does not 
discriminate based on the intention or identity of the sender.
 
Also, I think a good test to any anti-spam proposal is this: Would this 
be a sustainable model if it became mainstream?
 
Your approach relies on a lot of wasted resources at the DNS cache 
level; imagine what would happen to Hotmail's caching DNS servers if 
they would cache two entries for every 2.5B spam messages they receive 
every day?
 
I didn't like the pop-ups.
I appreciate the effort, though; you may have something, but it needs 
more work.
Radu.
--
Radu Hociung                                                 
radu(_at_)ohmi(_dot_)org
 

    -----Original Message-----
    *From:* asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org]
    *On Behalf Of* spharion(_at_)directnet(_dot_)com(_dot_)br
    *Sent:* Saturday, March 27, 2004 7:10 AM
    *To:* asrg(_at_)ietf(_dot_)org
    *Subject:* [Asrg] spf

    this is a tentative option to spf, but does not
    seem to break forwarding:

    http://nucleo.freeservers.com/mba/

    have fun. gone, ricardo.




_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg




