spf-discuss

accreditation modifier

2004-03-10 03:03:38
On Wed, Mar 10, 2004 at 04:43:45AM -0500, Meng Weng Wong wrote:
| 
| Also, we should talk about the proposed accreditation modifier ---
| accreditation agencies are forming as predicted and a standardized set
| of accreditation semantics would be a plus for everyone.
| 

Phillip posted this document back in January.  People who haven't
already read it should please get up to speed.  I want to make things
easy for three sets of parties:

1) accredited sender domains should be able to add accreditation
   modifiers easily.

2) accreditation agencies should be able to easily publish vouch
   information, in a standard format if possible

3) reputation services eg. SpamAssassin should be able to easily verify
   an asserted accreditation and resolve its semantics to a score or an
   absolute whitelist.

Hmm, this means that Mail::SPF::Query is probably going to have to
return yet another result value describing accreditation vouches.

         SPF Working Group                                                    
         Internet Draft                                       P. Hallam-Baker 
         Document: draft-spf-accreditation-00.txt               VeriSign Inc. 
         Expires: July 2004                                      January 2004 
          
          
                               SPF Accreditation Profile 
          
          
      Status of this Memo 
          
         This document is an Internet-Draft and is NOT offered in accordance 
         with Section 10 of RFC2026, and the author does not provide the IETF 
         with any rights other than to publish as an Internet-Draft.
       
         Internet-Drafts are working documents of the Internet Engineering 
         Task Force (IETF), its areas, and its working groups.  Note that      
         other groups may also distribute working documents as Internet-
         Drafts. 
          
         Internet-Drafts are draft documents valid for a maximum of six months 
         and may be updated, replaced, or obsoleted by other documents at any 
         time.  It is inappropriate to use Internet-Drafts as reference 
         material or to cite them other than as "work in progress." 
          
         The list of current Internet-Drafts can be accessed at 
              http://www.ietf.org/ietf/1id-abstracts.txt 
         The list of Internet-Draft Shadow Directories can be accessed at 
              http://www.ietf.org/shadow.html. 
          
      Abstract 
          
         This document describes the SPF accreditation mechanism. 
          
         An accreditation is a description by a third party that describes an 
         email sender in some way that helps the recipient estimate the 
         likelihood that a message authenticated as being originated by the 
         sender is spam.  
       
      Conventions used in this document 
          
         The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
         "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this 
         document are to be interpreted as described in RFC-2119 [1]. 
          
      Table of Contents 
          

       
       
      <Lastname>               Expires - July 2004                 [Page 1] 
                                     <Title>                   January 2004 
       
       

         1. Introduction
            1.1 Accreditation Authorities
            1.2 Accreditation Statements
            1.3 Publication of Accreditation Statements
            1.4 Interpretation of Accreditation Statements
         2. DNS Publication of Accreditation Statements
            2.1 Accreditation Authority Description TXT Record
            2.2 Sender Recipient A Record
            2.3 Sender Recipient TXT Record
         3. Filter Interpretation Guidelines
            3.1 Establishing Provider Reputation
            3.2 Combining Accreditations
         4. Security Considerations
            4.1 Unauthenticated or Wrongly Authenticated Sender
            4.2 Untrustworthy Accreditation Provider
            4.3 DNS Security Issues
         References
         Acknowledgments
         Author's Addresses
          
          
      1. Introduction 
       
         An accreditation is a statement by a third party that the recipient
         of an email may use to estimate the probability that the sender is a
         spammer.
       
      1.1 Accreditation Authorities 
          
         An Accreditation Authority is a third party that is responsible for 
         making statements that describe email senders.  
          
         Accreditation Authorities MAY be restricted or unrestricted. A 
         restricted accreditation authority only publishes statements that 
         relate to a restricted number of email senders. An unrestricted 
         accreditation authority publishes statements for all email senders. 
          
         An accreditation authority may take additional measures to improve 
         the value of their accreditation, for example bringing civil suits 
         against parties that breach the undertakings given. 
       
      Accountability of Accreditation Authorities 
       
         Experience of anti-spam blacklists has shown that those who attempt 
         to provide accountability must in turn be accountable. 
          
         There is no difficulty in ensuring that accreditation providers are 
         accountable to email recipients. An accreditation authority that
         provides incorrect accreditation will soon be ignored. The value of 
         an accreditation may be measured empirically by measuring the 
         proportion of the messages sent bearing a particular accreditation
         that are determined to be spam (e.g. through user reports). 
          
         If the ability to measure the value of an accreditation agency is to 
         be of use to the recipient it must be possible for new accreditation 
         providers to offer their services without artificial barriers to 
         entry such as magic lists of "approved" providers.
          
         One way to avoid this problem is to allow email senders to specify 
         the accreditation providers they favor. Although it is unlikely that 
         any individual would specify an accreditation provider that gave them 
         a bad rating, an accreditation service that had established a 
         sufficiently high reputation on the basis of its positive 
         accreditations could offer to supply negative ratings. 
          
         This mechanism offers substantial advantages over the current 
         situation in which maintainers of anti-spam blacklists are 
         effectively unaccountable to any party. Accreditation services are 
         held accountable to both senders and receivers.   
          
      Practices Considerations 
          
         As a trusted third party the actions of an Accreditation Authority 
         raise numerous legal issues. These issues are outside the scope
         of this document.  
          
      1.2 Accreditation Statements 
          
         At present a large number of different parties act as Accreditation 
         Authorities with respect to sending of email. Blacklists attempt to 
         identify bad faith actors while whitelists look to identify good 
         faith actors. Whitelist accreditations may involve a simple promise 
         not to spam or a promise that is backed up by some form of penalty 
         such as the forfeiture of a bond or the publication of negative 
         reputation data. 
          
         Despite the wide variety in the types of data Accreditation
         Authorities provide, the inferences that anti-spam filtering
         techniques attempt to draw are the same: is a particular item of
         email likely or unlikely to be spam? For this reason we leave the
         details of the accreditation mechanism to the Accreditation 
         Authority.

         An accreditation authority MAY publish any form of accreditation 
         statement they choose. The following types of statement are likely to 
         be of greatest utility. 
       
      Identity Accreditation 
       
         The email sender has provided a real world identity and a physical 
         address at which legal process can be served and this information has 
         been authenticated by means of some trustworthy process. 
       
      Undertaking Accreditation 
       
         In addition to meeting the identity accreditation requirements, the 
         email sender has undertaken to comply with a specified email sending 
         policy. 
       
      Reputation Accreditation 
       
         In addition to meeting the undertaking accreditation requirements, 
         the email sender has been determined to be in compliance with those 
         requirements.
       
      1.3 Publication of Accreditation Statements 
          
         Accreditation statements are published by means of an extension of 
         the existing mechanism used for publication of anti-spam blacklists 
         via DNS. 
          
         An accreditation statement is published by means of the DNS A record. 
         To avoid collisions with other uses of the DNS, addresses in the
         127.0.x.x loopback address range are used.
          
         [TBS] 
       
      1.4 Accreditation Authority Meta Data 
          
         The domain prefix specified for an accreditation service MAY contain 
         a record that describes the use of the particular accreditation 
         service with the key _accredit. 
          
      1.5 Interpretation of Accreditation Statements 
          
         Email recipients MAY interpret Accreditation Statements in any 
         fashion they choose, including regarding an Accreditation Statement 
         as a negative indicator.

         The reputation of the Accreditation Authority MUST be considered 
         suspect until proven reliable. 
       
      2. DNS Publication of Accreditation Statements 
       
      2.1 Accreditation Authority Description TXT Record 
          
             type:{ identity | undertaking | reputation } 
                The type of accreditation provided as described in the 
                introduction. 
              
             open:<boolean> 
                If true the accreditation service is open and MAY be consulted 
                to obtain information even if the sender does not list the 
                service as an accreditor. 
              
             protocol: {dns-a | dns-txt | other } 
                The protocol by which the accreditation may be retrieved. The 
                keyword dns-a specifies that the accreditation record is 
                encoded as a DNS A record. The keyword dns-txt specifies that 
                the accreditation record is encoded as a DNS TXT record. 
              
             length:<integer> 
                The number of bits in the record value that have significance.  
              
             scale: {log2 | log10 | linear | none} 
                The scale to be applied when comparing the corresponding 
                record values. 
       
      2.2 Sender Recipient A Record 
          
         The least significant 16 bits of the A record are interpreted as 
         directed by the description TXT record. 
       
      2.3 Sender Recipient TXT Record 
          
         Option here to add in more descriptive information. 
       
      3. Filter Interpretation Guidelines 
       
         An email filter MAY make any use it chooses of information provided. 
       
      3.1 Establishing Provider Reputation 
          
         It is suggested that email filters SHOULD determine weightings to 
         assign to accreditation notices from particular Accreditation 
         Authorities by means of empirical measurement of their effectiveness
         rather than fixed a-priori values. If fixed weightings are assigned 
         it SHOULD be possible to override these values. 
          
         For example an email recipient receiving a large quantity of email 
         might perform an analysis of the accuracy of various Accreditation 
         Authorities on a statistically significant sample of that email. 
          
         Recipients of smaller quantities of email might rely on third party 
         assessments of the accuracy of Accreditation Authorities or on 
         feedback from end-users identifying messages that have been wrongly 
         categorized. 
       
      3.2 Combining Accreditations 
          
         When combining Accreditations from different Accreditation Providers 
         filters MAY use the information provided in the Accreditation 
         Authority Description record to determine whether the information 
         provided is likely to have dependencies or not. 
          
         For example an email sender that is accredited by two different 
         Accreditation Authorities that verify identity information is not 
         likely to be significantly less likely to be a spammer than an email 
         sender that is only accredited by one Accreditation Authority. But an 
         Email sender that is accredited by one Accreditation Authority that 
         verifies identity information and another that monitors complaints 
         from end users is less likely to be a spammer than a sender with only 
         one of the accreditations. 
       
      4. Security Considerations 
       
      4.1 Unauthenticated or Wrongly Authenticated Sender 
          
         A positive accreditation has no value if someone other than the 
         accreditation subject can make use of it. It is therefore essential 
         for the sender of an email to be accredited before a positive weight 
         is given to an accreditation value. 
       
      4.2 Untrustworthy Accreditation Provider 
          
         An Accreditation Authority may be untrustworthy for many reasons:
         they may perform their activities in a negligent fashion or with 
         actual malice. 
          
         For example a spammer might run an unrestricted accreditation service 
         that accurately listed all his rivals as spammers but did not list 
         the spammer who operated the service. Alternatively an Accreditation
         service may maliciously publish a negative reputation about a 
         subject. 
          
         For this reason email filters MUST evaluate the reputation of the 
         Accreditation Authority as well as the data provided by that 
         authority.  
          
         The number of email senders that reference accreditation records 
         published by an Accreditation Authority MAY provide an indication of 
         the relative trustworthiness of that provider. 
       
      4.3 DNS Security Issues 
          
         The DNS protocol does not provide cryptographic assurance of the 
         integrity of the information published and is vulnerable to Denial of 
         Service attacks. 
          
         [This is no big deal for this protocol] 
       
      References 
          
                           
         1  Bradner, S., "Key words for use in RFCs to Indicate Requirement 
            Levels", BCP 14, RFC 2119, March 1997 
          
    
    
    
    
Acknowledgments 
    
    
    
Author's Addresses 
    
   Phillip Hallam-Baker 
   VeriSign Inc. 
   Email: pbaker(_at_)verisign(_dot_)com 
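
Added example, not part of the original post or of draft-spf-accreditation-00: how a filter could validate the section 2.1 description record and decode a section 2.2 A record, honouring the open flag and the section 4.1 requirement. The key:value serialization, the use of the least significant `length` bits, and all function names and sample values are assumptions; the draft leaves them unspecified.

```python
import ipaddress

# Allowed field values, copied from section 2.1 of the draft.
ALLOWED = {
    "type": {"identity", "undertaking", "reputation"},
    "open": {"true", "false"},
    "protocol": {"dns-a", "dns-txt", "other"},
    "scale": {"log2", "log10", "linear", "none"},
}
ACCREDIT_NET = ipaddress.ip_network("127.0.0.0/16")  # the draft's 127.0.x.x range


def parse_description(txt):
    """Parse and validate an Accreditation Authority description record.

    ASSUMPTION: whitespace-separated key:value tokens (the draft defines no
    serialization). Unknown keys, duplicates and bad values are rejected.
    """
    fields = {}
    for token in txt.split():
        key, sep, value = token.partition(":")
        key, value = key.lower(), value.lower()
        if not sep or key in fields or key not in (*ALLOWED, "length"):
            raise ValueError(f"bad field: {token!r}")
        fields[key] = value
    for key, allowed in ALLOWED.items():
        if fields.get(key) not in allowed:
            raise ValueError(f"missing or invalid {key}")
    length = int(fields.get("length", ""))  # ValueError if absent or non-numeric
    if not 1 <= length <= 16:  # section 2.2: only the low 16 bits carry data
        raise ValueError("length must be 1..16")
    return {**fields, "open": fields["open"] == "true", "length": length}


def decode_a_record(desc, address, listed_by_sender, sender_authenticated):
    """Return the accreditation value from an A record, or None to ignore it."""
    # Section 4.1: an accreditation has no value unless the sender is
    # authenticated; this example also decodes only the dns-a protocol.
    if desc["protocol"] != "dns-a" or not sender_authenticated:
        return None
    # 'open' (section 2.1): an unlisted authority may be consulted only if open.
    if not (listed_by_sender or desc["open"]):
        return None
    ip = ipaddress.IPv4Address(address)
    if ip not in ACCREDIT_NET:  # an answer outside 127.0.x.x is not a statement
        return None
    # ASSUMPTION: the significant bits are the least significant `length` bits.
    return (int(ip) & 0xFFFF) & ((1 << desc["length"]) - 1)


# Constructed sample data, not taken from any real accreditation service.
SAMPLE_DESC = "type:reputation open:false protocol:dns-a length:8 scale:linear"
SAMPLE_ANSWER = "127.0.1.42"
```

The decoded value is still only an input to the filter: sections 3.1 and 4.2 require weighting it by the measured reputation of the authority that published it.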
     

