----- Original Message -----
From: "Carl S. Gutekunst" <csg(_at_)alameth(_dot_)org>
To: "David MacQuigg" <dmq(_at_)gain(_dot_)com>
Sent: Wednesday, March 09, 2005 12:34 AM
Subject: Re: Has the IETF dropped the ball?
I would also like to direct your attention to a marvelous paper by Brett
Watson of Macquarie University detailing all the work we have to do
*after* we have a working authentication system. Authentication is a
necessary first step to controlling spam, but by no means sufficient:
I read a little and what stood out was its initial focus of analysis an
"ideal solution." I struck my interest.
Unfortunately, it failed in doing this what I expected.
The realistic ideal SMTP model considers all process parameters, overhead
There are four parameters in its End Point Validation (EPV) function model.
These four parameters have a direct correlation to the validation result for
Result = EPV(CIP, CDN, RP, FP)
CIP is the client IP address (connection address)
CDN is the Client Domain Name (HELO/EHLO)
RP is the Return Path (MAIL FROM), and
FP is the Forwarding Path (RCPT)
The ideal solution must include the forwarding path in an SMTP based
Transaction Management System (TMS).
If the FP is not valid, then it doesn't matter what an EPV(CIP,CDN, RP)
based on Dr. Watson's model may provide.
The realistic ideal model:
1) Enforce SMTP compliancy,
1.1) MUA considerations
1.2) MTA considerations
1.3) Presumes Return Path is 100% verifiable
2) Takes all process parameters into account,
3) Uses intelligent delayed verification to optimize the system,
4) Minimizes payload requirements,.
5) Uses a server attribute concept to pre-empt redundancy.
No matter what proposal you have, they ALL have to deal with the above.
Hector Santos, CTO
Santronics Software, Inc.