ietf-smtp

Re: OT Brainstorm: Email Validation among different systems

2007-05-02 05:43:44

Hector Santos wrote:

My point here is simply that a professional AVS email security service
bureau will most likely have and offer (if they want the business) a
"interface" specification such as http://www.virtualconnect.net which
allows the operator to update their list of valid users in an
automated fashion via email.

Ponder the security risks of such an implementation.

[...]

Ideally a good idea, I think there might be DNS overhead/scalability and
security exposure concerns but if coupled with some client access
concept it might get consideration.  So why do expect to see the I-D? <g>

DNS has proven pretty scalable, I reckon. :-)  As another poster mentioned,
you could look up the hash of an address to reduce information exposure.

Who would create/maintain the zone?

If example.com publishes an MX record, then example.com could equally
publish e-mail validation records.

I would think the service would
want to minimize call outs and prefer to just get a list from the
operator, it's less overhead and also allows them to import the common
list from everyone into their own high speed database system.

DNS already has a mechanism for this (zone transfers).

Also given the direction of the world (good or bad), maybe a SOAP or
REST API will probably get a lot of interest.

SOAP and REST APIs lose the advantages of DNS: (1) scalability, (2)
cacheability, (3) lightweight request/response, (4) well-established
mechanisms for operating backup servers.

Similar to our WCSAP service that we use to validate the envelope
information. It is called directly from our SMTP but it can also be
called as a REST-like syntax:

http://www.winserver.com/public/code/html-wcsap?ip=64.26.171.99&cdn=%5b192.168.5.2%5d&from=dfs%40roaringpenguin.com&xid=public&debug=10

Your server incorrectly claims an SPF failure for:
http://www.winserver.com/public/code/html-wcsap?ip=209.191.13.82&cdn=%5b209.191.13.82%5d&from=dfs%40roaringpenguin.com&xid=public&debug=10

The above will attempt to validate your from address.

But that's ad-hoc and isn't what I'm talking about.  I'm talking about
a way to validate RECIPIENT addresses.

Regards,

David.
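
The hashed-lookup idea raised in this message, sketched as an added example; it is not code from the thread or from any published specification. The `_rcptcheck` label, the SHA-256/base32 encoding, the case folding and the in-memory set standing in for the published zone are all assumptions made for illustration.

```python
import base64
import hashlib

# Hypothetical label under which a domain would publish validation records.
VALIDATION_LABEL = "_rcptcheck"
MAX_LABEL_LEN = 63  # RFC 1035 limit on a single DNS label


def validation_qname(address: str) -> str:
    """Map a recipient address to the DNS name a hashed lookup would query."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an addr-spec: {address!r}")
    domain = domain.lower().rstrip(".")
    # Assumption: the publisher folds case on the local part before hashing.
    digest = hashlib.sha256(f"{local.lower()}@{domain}".encode("utf-8")).digest()
    # Hex SHA-256 is 64 characters, one over the label limit; base32 is 52.
    label = base64.b32encode(digest).decode("ascii").rstrip("=").lower()
    if len(label) > MAX_LABEL_LEN:
        raise ValueError("hash label exceeds the DNS label limit")
    return f"{label}.{VALIDATION_LABEL}.{domain}"


def build_zone(valid_addresses):
    """What the operator would publish: one name per valid recipient."""
    return {validation_qname(a) for a in valid_addresses}


def recipient_is_valid(address: str, zone) -> bool:
    """Stand-in for the resolver call: name exists means accept, NXDOMAIN means reject."""
    return validation_qname(address) in zone


# Constructed sample data, not real mailboxes.
ZONE = build_zone(["alice@example.com", "postmaster@example.com"])

if __name__ == "__main__":
    for rcpt in ("Alice@Example.COM", "bob@example.com"):
        print(rcpt, validation_qname(rcpt), recipient_is_valid(rcpt, ZONE))
```

Hashing keeps the plain address out of the query and the zone data, but a guessable local part can still be confirmed by anyone able to query the name, so the exposure is reduced rather than removed.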