ietf-mxcomp

Re: Solution For Trojans

2004-08-20 12:23:33

On Fri, 2004-08-20 at 10:35, Alan DeKok wrote:
Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:

I agree with this view.  PRA does not represent the accountable entity,
if viewed as the MTA being accountable.

  I don't think PRA is trying to hold the current sending MTA
accountable.

I agree. The PRA does not authenticate the MTA as a means to identify
those administering policies to control mail.

If authenticated, the EHLO domain properly provides the accountable
entity.

  For what?  Validating EHLO ensures that you know someone's
accountable, but what for?

The MTA administrator should be seen as accountable for the stream of
mail, irrespective of message content.  If there is a problem, only this
entity is capable of taking steps to curtail abuse.

  The MAIL FROM may have a different domain than EHLO, and the message
body may have something else entirely.

  There are multiple accountable entities.  Sorting out who they are,
what they do, and how they interact is problematic.  e.g.

  EHLO accountability:
       The sending MTA is part of an administrative
       system which is well-known, and understands
       that the MTA is sending messages.

The EHLO domain entity is granting access to the mail channel and they
have logs to sort out who did what.  If networks are to be protected
from those wishing to abuse the system, only this entity is capable of
taking effective action to abate this traffic.  The authenticated EHLO
domain should be visible to the user at the MUA.  After all, this is
where trust is being placed.

  MAIL FROM accountability:
       Someone accepts responsibility for the bounces.

I see this as closing the "back-door".  There will always be some MTA at
the end of a relay chain.  Being able to detect return addresses as
bogus, perhaps by way of the BATV proposal, would avoid this type of
spoof bounce abuse, often used by Trojans and spammers.  This would be a
secondary level protection after checking against the EHLO domain for a
history of abuse.  This allows two opportunities to stop this illicit
technique.

  "From:" accountability:
       With something like PGP signatures, an individual is claiming
       responsibility for the message content.

Absolutely. I agree digital signatures would be a proper means to
protect the author.  Making the authenticated EHLO domain visible
together with the From, would be a significant improvement over the
current situation.  Digital signatures would be the next logical step.

Sender-ID does not provide author protection, as it makes a false
assumption RFC2822 content is secure and allows header overrides.  Nor
does Sender-ID identify the MTA administration. Nor does Sender-ID
protect the return-path. :(

  The different kinds of accountability are used at different stages
of passing the email message, and do different things.

Agreed. But the intent of the MARID charter was to find a means to
authenticate the MTA using DNS records.  Only checking the EHLO does
this.

-Doug