ietf-asrg

[Asrg] Re: Supplemental addresses (was: Indirection as a useful tool)

2006-02-07 09:20:33
---------------
All mail into and out of the enterprise is configured to pass through the
system as a gateway. On the way out, the system determines, based on a
fairly large number of criteria, which supplemental address(es) (if any)
are to be used or whether a new one is to be created.  All references to
the original, "internal" address are replaced in the header, body and
certain attachments with the "correct" supplemental address before delivery
to the recipient.
On replies and messages sent back, the process is reversed.
Isn't this (an over-engineered) auto-whitelist?

No, because you're not tabulating policy based on outside sender, you're
implementing your policy against the E-mail address you show to this part of
the world.

oh boy.
Mailbox NAT.
So much for end-to-end.

Why do you claim an end-to-end problem?  You can reach any correspondent,
and they can reach you back, with the same level of automation as the
current E-mail system.

A different way to look at this is that you've overloaded the From: field
with not only your E-mail account name but also a credential.  This
credential is transitive (in the sense that if you order from Foo Corp., and
they give that E-mail address to UPS for tracking updates, UPS can reach you
via it too) and revocable (so if it gets abused, you shut it off, without
affecting any users of any other credentialed variants of your
address--including UPS, who might also be sending you updates concerning
your Bar Corp. order).

If it sounds like I have some experience living with this... :->

We're now in year 2 or 3 or so with an implementation of this technique.  I
still owe this list an updated document, but you can read the older version
at:
        http://www.vsta.org/spam/

The short version is that it continues to work very well for us.

It turns out that you don't need a custom E-mail gateway, you can implement
it all in your local E-mail client.  All you need from the mail server is
the ability to register those credentialed variants of your address.  We did
that in bulk, pouring them into the aliases file.  Then on demand my mail
client can take the next free one from the list, checking off its use (and
tabulating for whom it was allocated).

Regards,
Andy Valencia

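The allocation scheme described in the message above, as an added example that is not part of the original post and is not the author's implementation: a pool of address variants is registered in bulk, the next free one is handed out on demand and recorded against the correspondent, and a single variant can be revoked without touching the others. The class and method names, the `account-tag` address format, the random tags, and reusing a live variant for the same correspondent are all assumptions.

```python
import secrets

class AliasPool:
    """Pool of pre-registered address variants for one mailbox (hypothetical design)."""

    def __init__(self, account, domain, size):
        self.account, self.domain = account, domain
        # Assumption: random tags, so an unissued variant cannot be guessed.
        self.free = [f"{account}-{secrets.token_hex(4)}" for _ in range(size)]
        self.issued = {}      # local part -> correspondent it was allocated for
        self.revoked = set()  # local parts that were shut off after abuse

    def aliases_file(self):
        """Lines to pour into the server's aliases file; revoked variants are left out."""
        live = self.free + [lp for lp in self.issued if lp not in self.revoked]
        return [f"{lp}: {self.account}" for lp in live]

    def allocate(self, correspondent):
        """Reuse the correspondent's live variant, else take the next free one."""
        for lp, who in self.issued.items():
            if who == correspondent and lp not in self.revoked:
                return f"{lp}@{self.domain}"
        if not self.free:
            raise RuntimeError("pool exhausted: register more variants")
        lp = self.free.pop(0)
        self.issued[lp] = correspondent  # tabulate for whom it was allocated
        return f"{lp}@{self.domain}"

    def issued_to(self, address):
        """Who this variant was first given to (useful when it starts receiving spam)."""
        return self.issued.get(address.partition("@")[0])

    def revoke(self, address):
        """Shut off one variant; every other variant keeps working."""
        lp = address.partition("@")[0]
        if lp not in self.issued:
            raise KeyError(address)
        self.revoked.add(lp)

    def deliverable(self, address):
        """Would the server accept mail for this address, per aliases_file()?"""
        lp, _, dom = address.partition("@")
        return dom == self.domain and f"{lp}: {self.account}" in self.aliases_file()
```

Because the whole pool sits in the aliases file before any variant is issued, unissued variants are deliverable too, which is why this sketch makes the tags unguessable.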