A Retrospective on Future Anti-Spam Standards Internet Society of China Beijing – September, 2004 Dave Crocker Brandenburg InternetWorking.
Download ReportTranscript A Retrospective on Future Anti-Spam Standards Internet Society of China Beijing – September, 2004 Dave Crocker Brandenburg InternetWorking.
A Retrospective on Future Anti-Spam Standards Internet Society of China Beijing – September, 2004 Dave Crocker Brandenburg InternetWorking <http://brandenburg.com/current.html> Retrospective on the Future Spam is complex, confusing and emotional Email Imagine that time has passed What changes will be important? Will it still be easy to reach everyone? Will it be cumbersome, with fragmented communities? Spam Legitimate business will behave acceptably (mostly) Rogue (criminal) spammers will be worse than today D. Crocker, Brandenburg InternetWorking 2 ISOC China – Beijing,Saeptember 2004 Security Functions Term Function Identification Who does this purport to be? Authentication Is it really them? Authorization What are they allowed to do? Accreditation What do I think of the agency giving them that permission? D. Crocker, Brandenburg InternetWorking 3 ISOC China – Beijing,Saeptember 2004 What Will Be Standard? Accountability (Author & Operator) Authentication Authorization Reputation Filtering Reporting & monitoring Immediate problems Aggregate statistics Enforcement (Contracts and laws are standards) Terminology Format of rules D. Crocker, Brandenburg InternetWorking 4 Acceptable behavior ISOC China – Beijing,Saeptember 2004 Email Path(s) Today! MSA MTA MUA MTA MTA Peer MTA MTA MTA MTA MTA MTA MTA Peer MTA Mail Agents MUA MSA MTA MDA = = = = User Submission Transfer Delivery D. Crocker, Brandenburg InternetWorking MTA 5 MDA MDA MUA MUA ISOC China – Beijing,Saeptember 2004 SPF and Sender-ID: Author Path Registration Assigns Sender & MailFrom oMUA MSA 1. Authority and Accreditation of MSA and MSA domain administrators MTA1 Peer MTA Peer MTA 2. MSA must preregister and trust each MTA in path D. Crocker, Brandenburg InternetWorking MTA2 MTA3 MTA4 6 Did MSA authorize MTA1 to send this message? Did MSA authorize MTA2 to send this message? Did MSA authorize MTA3 to send this message? MDA rMUA ISOC China – Beijing,Saeptember 2004 My Personal Favorites Validate content DomainKeys Public key signature of the message Reputation CSV Operator validates MTA CSA & DNA (CSV) Reporting Validate operator No candidates, yet Enforcement We are still learning [Validate MailFrom] [BATV] D. Crocker, Brandenburg InternetWorking 7 ISOC China – Beijing,Saeptember 2004 Client SMTP Validation: Assess Peer MTA MUA MSA • Does a domain's operator authorize this MTA to be sending email? MTA MTA • Do independent accreditation services consider that domain's policies and practices sufficient for controlling email abuse? MTA Peer MTA MTA D. Crocker, Brandenburg InternetWorking MDA 8 MUA ISOC China – Beijing,Saeptember 2004 CSV Functions Term Functions Identification Client SMTP HELO domain name Authentication Domain name lists IP Address Authorization Name is authorized to be MTA Accreditation 1. Name may point to accreditors 2. Accreditors may list domains D. Crocker, Brandenburg InternetWorking 9 ISOC China – Beijing,Saeptember 2004 How to Choose the Future Look at each choice Who must adopt it? When? How much effort is need to administer it? How much does it change email? Xie Xie D. Crocker, Brandenburg InternetWorking 10 ISOC China – Beijing,Saeptember 2004