mail-ng

Authentication, Sender Validation, Mail Filtering Considerations

2004-02-03 02:20:33

Of course, regardless of the diverse view or position of the concepts
regarding authentication and/or sender validation, including mail filtering
concept, it is something that cannot be 'excluded' from the next
generation system.  Whether it is mandatory or optional, it is something that
needs to be offered as part of the process - whatever it may end up being.

It is my hope that the NG-MAIL would help address one way or another the
current multiple ways we do those concepts.

Will NG-MAIL make DNSRBL methods obsolete?

Will NG-MAIL make MAIL FILTERING or any other methods obsolete or less
necessary?

Or by the very nature of a "new" NG-MAIL system automatically solve the
abuse problem due to compatibility issues?

Of course, it will have an immediate initial (possibly short-term) impact
until the abusers adapt.

The question then is how much does the NG-MAIL help to minimize the
recurrence of the abuse? And how?

In any case, our empirical data of addressing the abuse for the past 3
months has shown the following breakdown:

- ~20% of the clients are stopped at the HELO for invalid syntax.
- ~40% of the clients dropped (themselves) for lack of support for
multi-line greetings.
- ~37% of the clients issue recipients which are rejected.
- ~55% of the clients are rejected due to machine/return path validation
methods.

Of the latter ~55%, we use the following 4 tests:

- Mail IP Filters
- RBL
- DMP (one of the new ASRG proposals)
- CBV (return path Call Back Verifier)

The average breakdown:

- 12% rejected due to IP Filters
- 63% rejected due to RBL lookups (bl.spamcop.net and others)
- 0% rejected due to DMP
- 25% rejected due to CBV,
- and in our case ~10% is rejected due to mail filtering.

So how does all this relate to NG-MAIL?

By far, RBL methods are the #1 way systems fight abusers (regardless of how
they got on the list or not).

What is the impact of NG-MAIL?  Will it have a replacement?  It is a
pretty strong method.  People are not going to give it up unless it is
replaced with something equal or better.

How important is syntax and/or protocol compliance?

In our case, 60% of the clients were rejected due to invalid machine domain
or they dropped themselves.  What does that mean?  No consideration is made
whether they are legit or not.   What is more important for NG-MAIL? 100%
Compliance or delivering mail?  Maybe a delivery "system error?" is
important somehow?

The CBV has shown a successful proof of concept for verifying the sender
address (return path).

How strongly will NG-MAIL mandate the legitimacy of the new system's
equivalent return path concept?  Does it even apply any more if other
upfront authentication, negotiation/handshaking methods are used?

One of the fundamental ideas in CAN-SPAM is the idea of an established
USER-VENDOR contract or relationship.

How will NG-MAIL impact this "possible established user-vendor contract or
relationship?"  If the vendor can prove he has a contract with the user to
deliver mail to the user, is this enough to bypass any other upfront
authentication, sender validation technique?

Of course, these are all rhetorical questions to ponder about for NG-MAIL.

In short, NG-MAIL will need to make a strong case or offer a replacement for
current anti-spam systems and it *MIGHT* need to be consistent or "augment"
current laws that might be in place (breaking a user/vendor contract).

Thanks

PS: Interested parties may view our anti-spam statistics breakdown at

http://www.winserver.com/sslinfo  (frame based browser support required)
http://www.winserver.com/public/antispam

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com





