[Top] [All Lists]

Re: SMTP Transferred-By-Reference

2007-11-15 12:12:12

On Nov 15, 2007, at 9:27 AM, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:

On Tue, 13 Nov 2007 18:32:49 PST, Douglas Otis said:

Message content offers little assurance of its origination. Where to reach for the message is more significant. The TBR extension offers both an assured last hop IP address and a domain of origination. Often the origination of content is more important than the results of a scanning process. Receivers would be foolish to trust the results of content scanning alone.

OK. Let me get this straight. We get an inbound connection from a possibly dodgy source address, like a probably compromised cablemodem box, and we then take the address *they provide us* and use that as some sort of "verification"?

Yes, and at the MTA's leisure, as accepting a reference does not formally create an obligation.

What's wrong with this picture? (Hint - what are the chances that a hypothetical connection from said abused cablemodem, if it uses TBR, will point at either the *same* address, or yet another abused cablemodem? Consider the use of fast-flux DNS changers when you ponder this - there's no reason why you won't find that tbr- *won't* point at a cablemodem.)

You are right about the problem created by fast-flux DNS changers, especially when coupled with the noise created by odious domain tasting. Even DKIM can be abused in this manner.

This problem can be tracked, but results may require a bit more time than allowed to return Okay to a DATA command. Over a brief period of time, such abusive sources can be flagged. The database is perhaps too extensive to distribute for real-time results (largely due to domain tasting), however near-real-time results are practical. To support this effort, the TBR Extension offers a low overhead means to defer a formal obligation to deliver, while also avoiding the exchange of undesired data.