SPF Working Group Internet Draft P. Hallam-Baker Document: draft-spf-accreditation-00.txt VeriSign Inc. Expires: July 2004 January 2004 SPF Accreditation Profile Status of this Memo This document is an Internet-Draft and is NOT offered in accordance with Section 10 of RFC2026, and the author does not provide the IETF with any rights other than to publish as an Internet-Draft Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Abstract This document describes the SPF accreditation mechanism. An accreditation is a description by a third party that describes an email sender in some way that helps the recipient estimate the likelihood that a message authenticated as being originated by the sender is spam. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC-2119 [1]. Table of Contents Expires - July 2004 [Page 1] January 2004 1. Introduction..................................................2 1.1 Accreditation Authorities.................................2 1.2 Accreditation Statements..................................3 1.3 Publication of Accreditation Statements...................4 1.4 Interpretation of Accreditation Statements................4 2. DNS Publication of Accreditation Statements...................5 2.1 Accreditation Authority Description TXT Record............5 2.2 Sender Recipient A Record.................................5 2.3 Sender Recipient TXT Record...............................5 3. Filter Interpretation Guidelines..............................5 3.1 Establishing Provider Reputation..........................5 3.2 Combining Accreditations..................................6 4. Security Considerations.......................................6 4.1 Unauthenticated or Wrongly Authenticated Sender...........6 4.2 Untrustworthy Accreditation Provider......................6 4.3 DNS Security Issues.......................................7 References.......................................................7 Acknowledgments..................................................7 Author's Addresses...............................................7 1. Introduction An accreditation is a statement by a third party that the recipient of an email may use to estimate the probability that the sender is a spammer. 1.1 Accreditation Authorities An Accreditation Authority is a third party that is responsible for making statements that describe email senders. Accreditation Authorities MAY be restricted or unrestricted. A restricted accreditation authority only publishes statements that relate to a restricted number of email senders. An unrestricted accreditation authority publishes statements for all email senders. An accreditation authority may take additional measures to improve the value of their accreditation, for example bringing civil suits against parties that breach the undertakings given. Accountability of Accreditation Authorities Experience of anti-spam blacklists has shown that those who attempt to provide accountability must in turn be accountable. There is no difficulty in ensuring that accreditation providers are accountable to email recipients. An accreditation authority that <Lastname> Expires - July 2004 [Page 2] <Title> January 2004 provides incorrect accreditation will soon be ignored. The value of an accreditation may be measured empirically by measuring the proportion of the message sent bearing a particular accreditation that are determined to be spam (e.g. through user reports). If the ability to measure the value of an accreditation agency is to be of use to the recipient it must be possible for new accreditation providers to offer their services without artificial barriers to entry such as magic lists of ‘approved’ providers. One way to avoid this problem is to allow email senders to specify the accreditation providers they favor. Although it is unlikely that any individual would specify an accreditation provider that gave them a bad rating, an accreditation service that had established a sufficiently high reputation on the basis of its positive accreditations could offer to supply negative ratings. This mechanism offers substantial advantages over the current situation in which maintainers of anti-spam blacklists are effectively unaccountable to any party. Accreditation services are held accountable to both senders and receivers. Practices Considerations As a trusted third party the actions of an Accreditation Authority are raise numerous legal issues. These issues are outside the scope of this document. 1.2 Accreditation Statements At present a large number of different parties act as Accreditation Authorities with respect to sending of email. Blacklists attempt to identify bad faith actors while whitelists look to identify good faith actors. Whitelist accreditations may involve a simple promise not to spam or a promise that is backed up by some form of penalty such as the forfeiture of a bond or the publication of negative reputation data. Despite the wide variety in the types of data Accreditation Authorities provide the inferences that anti-spam filtering techniques attempt to draw are the same, is a particular item of email likely or unlikely to be spam. For this reason we leave the details of the accreditation mechanism to the Accreditation Authority. <Lastname> Expires - July 2004 [Page 3] <Title> January 2004 An accreditation authority MAY publish any form of accreditation statement they choose. The following types of statement are likely to be of greatest utility. Identity Accreditation The email sender has provided a real world identity and a physical address at which legal process can be served and this information has been authenticated by means of some trustworthy process. Undertaking Accreditation In addition to meeting the identity accreditation requirements, the email sender has undertaken to comply with a specified email sending policy. Reputation Accreditation In addition to meeting the undertaking accreditation requirements, the email sender has been determined to be in compliance with those requirements 1.3 Publication of Accreditation Statements Accreditation statements are published by means of an extension of the existing mechanism used for publication of anti-spam blacklists via DNS. An accreditation statement is published by means of the DNS A record. To avoid collisions with other uses of the DNS addresses in the 127.0.x.x loopback address range are used. [TBS] 1.4 Accreditation Authority Meta Data The domain prefix specified for an accreditation service MAY contain a record that describes the use of the particular accreditation service with the key _accredit. 1.5 Interpretation of Accreditation Statements Email recipients MAY interpret Accreditation Statements in any fashion they choose, including regarding an Accreditation Statement as a negative indicator. <Lastname> Expires - July 2004 [Page 4] <Title> January 2004 The reputation of the Accreditation Authority MUST be considered suspect until proven reliable. 2. DNS Publication of Accreditation Statements 2.1 Accreditation Authority Description TXT Record type:{ identity | undertaking | reputation } The type of accreditation provided as described in the introduction. open:<boolean> If true the accreditation service is open and MAY be consulted to obtain information even if the sender does not list the service as an accreditor. protocol: {dns-a | dns-txt | other } The protocol by which the accreditation may be retrieved. The keyword dns-a specifies that the accreditation record is encoded as a DNS A record. The keyword dns-txt specifies that the accreditation record is encoded as a DNS TXT record. length:<integer> The number of bits in the record value that have significance. scale: {log2 | log10 | linear | none} The scale to be applied when comparing the corresponding record values. 2.2 Sender Recipient A Record The least significant 16 bits of the A record are interpreted as directed by the description TXT record. 2.3 Sender Recipient TXT Record Option here to add in more descriptive information. 3. Filter Interpretation Guidelines An email filter MAY make any use it chooses of information provided. 3.1 Establishing Provider Reputation It is suggested that email filters SHOULD determine weightings to assign to accreditation notices from particular Accreditation Authorities by means of empirical measurement of their effectiveness <Lastname> Expires - July 2004 [Page 5] <Title> January 2004 rather than fixed a-priori values. If fixed weightings are assigned it SHOULD be possible to override these values. For example an email recipient receiving a large quantity of email might perform an analysis of the accuracy of various Accreditation Authorities on a statistically significant sample of that email. Recipients of smaller quantities of email might rely on third party assessments of the accuracy of Accreditation Authorities or on feedback from end-users identifying messages that have been wrongly categorized. 3.2 Combining Accreditations When combining Accreditations from different Accreditation Providers filters MAY use the information provided in the Accreditation Authority Description record to determine whether the information provided is likely to have dependencies or not. For example an email sender that is accredited by two different Accreditation Authorities that verify identity information is not likely to be significantly less likely to be a spammer than an email sender that is only accredited by one Accreditation Authority. But an Email sender that is accredited by one Accreditation Authority that verifies identity information and another that monitors complaints from end users is less likely to be a spammer than a sender with only one of the accreditations. 4. Security Considerations 4.1 Unauthenticated or Wrongly Authenticated Sender A positive accreditation has no value if someone other than the accreditation subject can make use of it. It is therefore essential for the sender of an email to be accredited before a positive weight is given to an accreditation value. 4.2 Untrustworthy Accreditation Provider An Accreditation Authority may be untrustworthy for many reasons, they may perform their activities in a negligent fashion or with actual malice. For example a spammer might run an unrestricted accreditation service that accurately listed all his rivals as spammers but did not list the spammer who operated the service. Alternatively an Accreditation <Lastname> Expires - July 2004 [Page 6] <Title> January 2004 service may maliciously publish a negative reputation about a subject. For this reason email filters MUST evaluate the reputation of the Accreditation Authority as well as the data provided by that authority. The number of email senders that reference accreditation records published by an Accreditation Authority MAY provide an indication of the relative trustworthiness of that provider. 4.3 DNS Security Issues The DNS protocol does not provide cryptographic assurance of the integrity of the information published and is vulnerable to Denial of Service attacks. [This is no big deal for this protocol] References 1 Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997 cknowledgments uthor's Addresses Phillip Hallam-Baker VeriSign Inc. Email: pbaker(_at_)verisign(_dot_)com <Lastname> Expires - July 2004 [Page 7] ------- Sender Permitted From: http://spf.pobox.com/ Archives at http://archives.listbox.com/spf-discuss/current/ Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname(_at_)½§Åv¼ð¦¾Øß´ëù1Ií-»Fqx(_dot_)com