Re: e2e


On Aug 16, 2007, at 3:10 PM, Keith Moore wrote:

I also think there might be some merit in holding mail on thesender's outgoing mail server until the receiver's MX is willing todeal with it, thus pushing more of the costs toward the sender of amessage.

The concept of holding messages at the sender could be a basis for achange in SMTP for supporting this model, but at a messagegranularity. The changes would be similar to that of BURL but wouldbe Transfer by Reference or To Be Read, TBR.

The results seen after returning 4xx errors to SMTP clients is oftenthe client will then retry frequently. A better solution would be todevise an architecture that allows the message reference to always beaccepted, but where actual message delivery occurs over a differentchannel. This new mode of operation would occur when both sender andreceiver support an transfer by reference. Often more than 90% ofmessages received are undesired. These messages will be eitherrefused, placed into a junk folder, bounced, or deleted. Manybounces will be deleted as well. Actually transferring the messageis sub-optimal when done within the SMTP sessions due to extremelyhigh levels of abuse. Accepting the message rather than a messagereference also burdens the SMTP server with the duty of retaining itsdisposition and possibly issuing bounces.

A problem also plaguing email is falsified originating addresses.This has lead to rampant abuse where virtually little within amessage is trusted as being valid. While DKIM helps solve thisproblem, this solution demands additional resources of therecipient. Whether DKIM will be able to withstand abuse may be indoubt, after all most email services are gratis. Providers might optfor a cheaper solution. Transfer by reference ensures theorigination of the message is not falsified at substantially lesscost for the inbound SMTP process.

To implement an transfer by reference, the MSA would create twohashes based upon the email message content. The MSA then publishesthe email message at a web-server where the combined hashes providean access reference for security. Rate-limiting 404 errors makesattempts at guessing a link futile. If there is a desire to ensureeven those running the recipient's MTA do not have access themessage, a scheme like Open-ID could be employed. When there aremultiple recipients, a script on the web-server could request who isaccessing the message. Identifying who is fetching the message canalso be automated by inserting the recipient's address into the linkas follows:


MSGREF: 
http://bill%40example(_dot_)com(_at_)cs(_dot_)utk(_dot_)edu/~moore/.mq/(sha1+sha256)

The web-server would track when an outbound message was posted, andwhether it had been accessed by all intended recipients. The web-server could generate a report of outstanding recipients that failedto fetch the message after some interval. The web-server may attemptto retry sending the link to the recipient, or just notify the senderof a delivery failure.

Banks or financial institutions could use https to better securemessage content, and to ensure customers they are at the expected web-site. Any new MUA designed to handle transfer by reference should beable to annotate whether a publisher had been listed within theiraddress book. This feature should help avoid look-alike exploits.

Fetch messages from the reference link offers a positive confirmationof delivery. From a commerce standpoint, this confirmation would beof significant value. Those concerned about keeping their IP addressprivate, should utilize an external proxy before accessing the web-sites.

When an MTA encounters a down-stream MTA or user-agent that does notsupport transfer by reference, it could fetch the message to remaincompliant. The cost of handling messages will is likely to be aprimary motivation for transfer by reference, along with securecontent, and a solid confirmation of delivery.


-Doug








_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf