ietf-asrg

[Asrg] 'Registered Email' and 'Trust-E-mail' proposals for both spam and viruses

2004-04-06 21:36:32
 
In January, I came up with a technically feasible solution to spam and email
viruses, coined 'Registered-Email', the details of which I have posted
here:
 
http://www.intechcomm.net.au/
 
As this requires a global change to the email system, it is fairly
ambitious, although technically sound.
 
Please read through the original post (at the address above) before reading
further.
 
Realising that any change to the existing email system, although sorely
needed, is going to be nearly impossible, I have devised a fairly workable
variation of the concept. 
 
This is an early draft, although I am hoping you will see merit in the ideas
behind the concept, rather than dismissing individual aspects. Having said
that, I would really welcome all comments, as this certainly will need
refining:
 
 
 
'Trust-E-mail' -  'Trust-Based Mail Server Ranking'
 
Introduction. 
 
The major hurdle faced by my 'Registered Email' concept is that it requires
active participation of the sender and effectively a global change to SMTP.
This variation of the 'registrar' component eliminates that problem.
 
Table of Contents
 
1. DNS Scan - The Innovation
2. Ranking System
3. Penalties
4. Database Usage
5. Procedures for New Mail Servers
6. Bonds
 
1. DNS Scan - The Innovation
 
This is performed to create an automated global white-list, for immediate
mail server trust ranking and immediate SMTP virus prevention for receiving
mail servers. This is done by creating an application that scans the DNS
Rootservers daily for:
    Domain Name
    MX Records
    Domain Creation Date
 
Using this information, a database is created, containing:
    Domain Name
    MX Records
    Domain Creation Date
    Trust Level / Rank
    Reset or 'Effective' Creation Date (for blacklist and spammers. For
    permanent barring, this could be set 1000 years in advance and the Rank set
    to "U" (see ranking system))
 
Trusted DNS blacklists, e.g. Spamhaus, should be applied against the resultant
initial database and the trust level / rank of blacklisted MX records should
be set to "U" (see ranking system).
 
2. Ranking system consists of:
            
"U" - Untrustworthy. 
Any domain that is less than 12 months old and has not applied for a "P"
provisional or "B" bonded ranking. New servers should follow the steps
detailed in section 5 if they don't want to be treated as untrustworthy by
receiving mail servers. 
"P" - Provisional.
Any domain that is more than 6 months old, but less than 12 months old, has
not been the subject of verified Spam complaints and has been sponsored /
vouched for by existing highly-ranked mail-servers (typically their ISP).
"B" - Bonded. 
Any domain that is less than 12 months old, but has paid a security bond
against spamming, does not relay mail from clients that are not using SASL /
TLS / SPA and blocks outgoing emails with dangerous attachments.
"N" - Neutral. 
Any domain that is more than 12 months old and has not been the subject of
verified Spam complaints.
"A" - Active.
Any domain that is more than 12 months old, has not been the subject of
verified Spam complaints and has been sponsored / vouched for by existing
highly-ranked mail-servers (typically ISPs).
"T" - Trusted. 
Any domain that is more than 12 months old, has paid a security bond against
spamming, has not been the subject of verified Spam complaints and does not
relay mail from clients that are not using SASL / TLS / SPA.
OR 
Any domain that is more than 36 months old, has not been the subject of
verified Spam complaints and does not relay mail from clients that are not
using SASL / TLS / SPA. 
"E" - Elite. 
Any domain that is more than 3 years old, has paid a security bond against
spamming and has not been the subject of verified Spam complaints and does
not relay mail from clients that are not using SASL / TLS / SPA.
 
3. Penalties:
 
Any mail server proven to send Spam will have its ranking lowered. 'Bonded'
mail servers could forfeit all or part of the bond supplied. Severe breaches
will result in a permanent "U" ranking being attributed.
 
4. Database Usage:
 
Receiving mail servers should perform a reverse DNS lookup and verify an
incoming mailserver is in the database. If not, the mail should be rejected,
as the sending mailserver is a virus. If used, the spoof-prevention
technique mentioned in my 'Registered-Email' concept notes will prevent mail
servers on private networks from being spoofed by viruses also residing on
the internal network. 
The mailserver can also choose to check the database and either reject,
stamp or filter mail from the various ranked mailservers. Messages received
from "U" should either be rejected with a non-delivery report sent stating
why it was rejected, OR heavily stripped, stamped as 'untrustworthy' and
cleaned. Messages received from "P" and "N" ranked mailservers should have
dangerous file attachments and dangerous HTML tags and all ActiveX controls
stripped. These messages should be filed separately from the remaining
ranks. Messages received from "A","B", "T" or "E" ranked mailservers are
trusted.
 
5. Procedures for New Mail Servers:
 
New mail servers register their MX details in the DNS as usual and then
choose to either:
a. Forward all mail through their ISP, using SASL. Configure the mail
server for SASL clients only and block outgoing emails with dangerous
attachments. At 6 months, seek 'sponsorship' from another highly-ranked mail
server owner (typically your ISP) and apply for a "P" provisional ranking.
The mail server must also pass checks to verify SASL compliance and blocking
of outgoing emails with dangerous attachments. This is typically for a home
mail server or a small business.
b. Apply for a "B" (Bonded) ranking. This is predominantly for larger
businesses.
 
6. Bonds
 
To qualify for a "B" ranking, the mail server owner must supply enough
proof-of-ID, in person, to an authorised agent of the database owner. The
mail server must also pass checks to verify SASL compliance and blocking of
outgoing emails with dangerous attachments. 
 
After 12 months, the bond can be returned - to receive an "N" rating, or kept
to receive a "T" rating. Likewise, at 36 months the bond can be returned to
receive a "T" rating, or kept to receive an "E" rating.
 
Summary
 
This is an extremely easy-to-implement, automated 'whitelist' solution,
similar to my 'Registered Email' concept, that will prevent viruses and the
majority of Spam. Existing mailservers will already fall into the "U", "N",
"A" and "T" ranks. This requires no active participation of the sender or
end-recipient, although it will be rewarded, prevents SMTP virus replication
and allows for 'home' and 'hobby' email servers.
 
 
Thanks for your time. I welcome your comments and criticism.
 
Regards,
 
 
Joshua Leisk
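
The ranking rules of section 2 and the receiving-server handling of section 4, written out as an added example that is not part of the original post. The field names, the highest-rank-first evaluation order, and the mapping of any verified complaint or blacklisting to "U" are assumptions; the post does not define them.

```python
from dataclasses import dataclass

@dataclass
class Domain:
    age_months: int                   # age from the domain creation date
    bonded: bool = False              # security bond paid
    sponsored: bool = False           # vouched for by a highly-ranked server
    auth_relay_only: bool = False     # relays only for SASL / TLS / SPA clients
    blocks_attachments: bool = False  # blocks dangerous outgoing attachments
    complaints: bool = False          # verified spam complaints or blacklisted

def rank(d: Domain) -> str:
    """Section 2 ranks, tested highest first (assumed order)."""
    if d.complaints:
        return "U"                    # assumption: any verified complaint -> "U"
    if d.age_months > 36 and d.auth_relay_only:
        return "E" if d.bonded else "T"
    if d.age_months > 12:
        if d.bonded and d.auth_relay_only:
            return "T"
        return "A" if d.sponsored else "N"
    # 12 months or younger; the post leaves exactly 12 months undefined
    if d.bonded and d.auth_relay_only and d.blocks_attachments:
        return "B"
    if d.age_months > 6 and d.sponsored:
        return "P"
    return "U"

# Section 4 handling per rank
ACTIONS = {
    "U": "reject-or-strip-and-stamp",
    "P": "strip-and-file-separately", "N": "strip-and-file-separately",
    "A": "trusted", "B": "trusted", "T": "trusted", "E": "trusted",
}

def receive(db: dict, rdns_host: str) -> str:
    """Decide handling for a connection whose reverse DNS name is rdns_host."""
    d = db.get(rdns_host)
    if d is None:
        return "reject"               # sender is not a listed mail server
    return ACTIONS[rank(d)]

# Constructed sample database keyed by MX host name
DB = {
    "mx.old.example": Domain(48, bonded=True, auth_relay_only=True),
    "mx.isp-customer.example": Domain(8, sponsored=True),
    "mx.newcorp.example": Domain(2, bonded=True, auth_relay_only=True, blocks_attachments=True),
    "mx.plain.example": Domain(20),
    "mx.listed.example": Domain(60, complaints=True),
}
```

Writing the rules out shows where they overlap: a bonded domain older than 36 months meets both the "T" and "E" definitions, so a precedence order has to be chosen before the database can be populated.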