ietf-asrg

Re: [Asrg] A Vouch By Feedback proposal

2009-07-08 03:54:56
J.D. Falk wrote:
Vouch By Feedback could be a useful modification of the Vouch By Reference standard, if it didn't break its installed base.

What installed base?

For one,

 MDaemon mail server software uses the advanced email authentication
 techniques of Vouch By Reference (VBR) and validates and signs
 messages using DKIM, DK, Sender-ID, and SPF.
 http://www.mdaemon.co.nz/Products/MDaemon

VBF adds a DNS record pointing from the vouched domain to the vouching server email address. It could be an RP RR type, where the address is meant to receive the message/feedback-report (AFR) complaints. Web is-spam buttons direct reports to the ESP, who should forward them to any sender's vouching service. Clients who implement FBLs might send them to the relevant voucher directly.

Variations of this theme have been discussed dozens of times, always trying to piggyback on some other technology: SPF (which doesn't make sense), DKIM (which almost makes sense), et cetera.

Basically, it should leverage SUBMIT. While DKIM may sign the From or Sender headers, it doesn't assure that the content of that field has been authenticated, IIRC. Actually, we need a weaker statement: that some of the signed headers have enough information for the originating server(s) to recover the authenticated identity of the submitter. That allows for anonymous sending.

The problem, unfortunately, is that the use cases are unclear. I'd recommend starting by defining those cases -- not merely "I want to send complaints about spam" or "I want to receive complaints so my mail doesn't get blocked," but every possible permutation, end-to-end.

Improper use of TIS buttons was discussed some months ago. "I want to ban from sending whoever mailed me this" is the new case for them.

Vouchers, in turn, shall forward reports to the accountable originating ESP. The latter shall ban guilty users from sending for an amount of time proportional to the number of complaints. If the voucher sees complaints against users who should have been banned from sending, it shall suspend its vouching service for the relevant sender.

Here you're getting out of the technology, and into dictating behavior. I wouldn't be surprised if the agreements between message sender, voucher, and message receiver end up looking something like what you describe, but the technology should be agnostic and let those three parties make any agreement they feel is appropriate for their individual situations.

Agreed. In that respect, a voucher can mandate that behavior even using the existing VBR standard. Only the destination of complaints deserves further standardization. Standard AFR is on its way, isn't it?

Dictating behavior should be done by lawmakers, of course. However, they cannot write the standards, and may encounter difficulties even in identifying the items that populate cyberspace. It seems a somewhat tighter cooperation is required in order to sort out an effective anti-spam regulation.