On 10/24/11 2:40 AM, Alessandro Vesely wrote:
> The problem is that for years email was virtually unregulated (open
> relays were commonplace 15 years ago) which is why it is now so widely
> abused. The only chance of cutting back abuse is to tighten things up.
> Saying that attempts to tighten it up are "fatally flawed" just
> because people can't be bothered to do things properly is dooming the
> whole system to failure.
Very much agreed.
With two policies out of two that choke on forwarding, I'd suspect the
culprit is the latter. Indeed, forwarding implies that target
addresses are being kept on a server. Hence, such a server must have
some sort of authorization for using them. Why don't we check that?

Efforts aimed at determining an "IP address authorization" based upon
some "message element" are flawed for two reasons:

1) Authorization is easily abused whenever reputation is applied against
a "purported domain". Outbound IP addresses are commonly shared, and
this is becoming increasingly prevalent. The potential for abuse risks
denial of service and legal responses as a singular recourse.

2) Even if magic happened and all specific "message elements" now
attempt to offer "IP address authorizations", addresses seen by
recipients may change at intervening SMTP proxies, LSNs, or CGNs. This
problem will become more pronounced as IPv6 sources increase and many
MTAs fail to offer IPv6 connectivity.

Any effort to assign reputation to a range of IPv6 addresses immediately
confronts a scale of active prefixes (ignoring lower 64 address bits)
that is 65K larger than all possible IPv4 addresses. This range is
likely to increase another 6-fold in a few years. A rate well beyond
Moore's law.

A sensible solution is a cryptographic method to authenticate the domain
of the outbound MTA. DKIM does not authenticate the outbound MTA, and
remains prone to abuse in a manner similar to IP address authorization.

Perhaps a new type of SMTP needs to be developed, where the protocol
remains unchanged with the exception of MTA authentication
requirements. Call it AMTP for Authenticated Mail Transport Protocol.

Once the MTA can be authenticated, the guesswork and mistakenly
purported domain issues go away. There would not be any need to grey
list recipients once receivers are able to maintain and control who they
permit to issue messages. This may mean new domains need to solicit
intended recipient domains to request inclusion. Such a process
predicated on authentication scales far better and would be less
disruptive than reactive blocking of any "purported" abuse.

It also seems Kerberos offered by various third parties could help
reduce the overhead related to MTA authentications.

-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg