Re: IETF SMTP Working Group Proposal at smtpng.org
On 8/21/2002 at 10:53:19 -0400, Ron da Silva said:
On Wed, Aug 21, 2002 at 10:00:02AM -0400, sjj@pobox.com wrote:
what are the more basic problems you're trying to fix?
I'd like to be able to publish DNS records announcing my domain's *outbound* mail servers, with nice abbreviated forms to say "they're the same as my inbound (MX) records" or "any IP in x.y.z/24". Then cooperative ISPs (like say America Online) could refuse any email from my domain that originated from some random cable modem, instead of accepting it and then flooding me with 20000 bounce messages.
What about this email from you which came to me from Merit and not your mail server? Would break mailing lists and listserves unless the from field is overwritten.
A user/server certification system would be nice, as long as the certificate issuers held the right balance between ease of getting a cert and security in proving the identity of the cert holder. That would take away the anonymous nature of SPAM, and make enforcement possible. If an authority consistently fails to respond to complaints, you don't accept mail certified from them. And a certificate train will get you mail from small folks (I trust ALGX's CA, ALGX trusts AOL's, therefore AOL will accept my mail until I screw up, and ALGX revokes my server cert and/or turns me in to the FBI, or fails to and AOL revokes their trust of ALGX.) The only down side is the politics involved. -Dave
A user/server certification system would be nice, as long as the certificate issuers held the right balance between ease of getting a cert and security in proving the identity of the cert holder. That would take away the anonymous nature of SPAM, and make enforcement possible. If an authority consistently fails to respond to complaints, you don't accept mail certified from them. And a certificate train will get you mail from small folks (I trust ALGX's CA, ALGX trusts AOL's, therefore AOL will accept my mail until I screw up, and ALGX revokes my server cert and/or turns me in to the FBI, or fails to and AOL revokes their trust of ALGX.)
Well yes, it could be done with certificates, but it can also be done via some type of "root server" system like DNS uses. A database distributed among many root servers from the registrars is proven. Tracking valid servers seems much easier to track rather than blacklisting IP's that are not mail servers at all or are abusive servers. IMHO I don't think it would be that horrible of an idea with the right amount of notification and education to state something such as "register your mail servers by this date or risk service interruption". Of course this period would be several months, if not a year+ .
The only down side is the politics involved.
Politics and legalities are 95% of the reason a lot of good ideas have yet to materialize.
--
Robert Blayzor, BOFH INOC, LLC rblayzor@inoc.net
RAM DISK is not an installation procedure!
IMHO I don't think it would be that horrible of an idea with the right amount of notification and education to state something such as "register your mail servers by this date or risk service interruption".
] but I also run a SMTP server on my laptop which bounces usually between two
] addresses (one at home, one at work)
Actually, I don't care too much about "the rest of you", nothing would force you to publish your outbound mail servers. As long as a few big sites (spam targets) honor the white list I publish for *my* own domain, great. It's voluntary, and to your advantage both as a sender and a receiver to adopt it (assuming the mailing list thing is resolvable). Domains like pobox.com wouldn't be able to use this, so it shouldn't be a requirement.
Of course this period would be several months, if not a year+ .
Planned obsolescence is another interesting idea, but a sure way to implement it isn't coming to mind. Basically I want my MTA to refuse deliveries from MTAs 'X' years/days older than itself. "Years older" vs absolute age is important, so that an isolated enterprise network somewhere could continue to inter-operate with itself no matter how old it grew.

How about: use the skey style unrolling (or is that "pre-rolled"?) passwords to generate cookies. Someone we trust creates the 'generation 0' cookie, one-way encrypts it one thousand times, and tells us all the 'generation 1000' cookie, which we put into our MTA configs. At the next tick of the clock (one year later), the authority releases the cookie for 'generation 999', and some of us update our configs (or Microsoft and Sendmail update their new distributions - but NOT Windows Update?). You can go 'X' years without updating your configs if you want - for whatever 'X' you think most of the Internet has chosen.

Talking to MTAs newer than me: If my MTA is setup with cookie 'generation 950' and an MTA connects to me offering cookie 'generation 948', then I should be able to one-way encrypt the offered cookie twice and compare it to my cookie and verify that they really are two generations ahead of me, and allow the connection. The skey trick means I don't need to know future cookies to accept email from them.

Talking to MTAs older than me: I don't talk to machines 'X' generations older than me. I have the last 'X' cookies hard coded in my configs, or I just (at start time) one-way encrypt my current cookie a maximum of 'X' times to generate all of the valid old cookies I'll accept.

The idea isn't to take live humans (including spammers) out of the loop, just the no-admin Windows/Solaris/Linux/whatever machines that haven't been patched in 'X' years.
This year's cookie isn't a secret, just next year's and the year after's, so an admin can't setup a box with 'generation 0' and leave it alone for a thousand years to annoy the rest of us.
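The cookie scheme sketched in the message above, as an added example that is not part of the original post. SHA-256 stands in for the "one-way encrypt" step, and the function names and the constructed seed are assumptions.

```python
import hashlib
import hmac

CHAIN_LENGTH = 1000  # post's example: generation 1000 is the first cookie released


def one_way(cookie: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the post's "one-way encrypt" step.
    return hashlib.sha256(cookie).digest()


def roll(cookie: bytes, times: int) -> bytes:
    """Apply the one-way function `times` times (toward older generations)."""
    for _ in range(times):
        cookie = one_way(cookie)
    return cookie


def cookie_for(seed: bytes, generation: int) -> bytes:
    """Authority side: generation 0 is the secret seed; generation g is the seed rolled g times."""
    return roll(seed, generation)


def classify_peer(mine, offered, max_older, max_newer=CHAIN_LENGTH):
    """Return the peer's offset from us in generations, or None to refuse.

    Positive: peer is newer than us. Negative: peer is older, within max_older.
    """
    # Newer or same: rolling the offered cookie must reach ours. max_newer
    # caps the hashing an unauthenticated peer can make us do.
    candidate = offered
    for ahead in range(max_newer + 1):
        if hmac.compare_digest(candidate, mine):
            return ahead
        candidate = one_way(candidate)
    # Older: rolling our own cookie must reach theirs within max_older steps.
    candidate = mine
    for behind in range(1, max_older + 1):
        candidate = one_way(candidate)
        if hmac.compare_digest(candidate, offered):
            return -behind
    return None


if __name__ == "__main__":
    seed = b"constructed-generation-0-seed"  # constructed sample, held by the authority
    mine = cookie_for(seed, 950)
    for gen in (948, 950, 953, 954):
        print(gen, classify_peer(mine, cookie_for(seed, gen), max_older=3))
```

Since each generation's cookie is public once released, a match shows only that the peer's configuration was updated after that release, not who the peer is.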
At 11:50 AM -0400 2002/08/21, Robert Blayzor wrote:
Well yes, it could be done with certificates, but it can also be done via some type of "root server" system like DNS uses. A database distributed among many root servers from the registrars is proven.
Look. The DNS is seriously screwed-up enough as it is. Let's not take a bad model and replicate it elsewhere.
Tracking valid servers seems much easier to track rather than blacklisting IP's that are not mail servers at all or are abusive servers.
Sure. Only accept e-mail from white-listed servers. You don't need a complex system to manage that.
IMHO I don't think it would be that horrible of an idea with the right amount of notification and education to state something such as "register your mail servers by this date or risk service interruption".
Sure. Are you willing to be the first?
--
Brad Knowles, <brad.knowles@skynet.be>
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
Look. The DNS is seriously screwed-up enough as it is. Let's not take a bad model and replicate it elsewhere.
I'm not saying use DNS specifically, but using something "DNS" like. Whether it be a database of public keys or certs really doesn't make a difference at this level.
Sure. Are you willing to be the first?
If it came down to the wire and something like this were implemented, and enforced, then yes, I'd be the first in line. If the software, the system and the means are available, I'd make sure we were registered before the system went live.
--
Robert Blayzor, BOFH INOC, LLC rblayzor@inoc.net
Exclusive: We're the only ones who have the documentation.
At 7:23 PM -0400 2002/08/21, Robert Blayzor wrote:
Sure. Are you willing to be the first?
If it came down to the wire and something like this were implemented, and enforced, then yes, I'd be the first in line. If the software, the system and the means are available, I'd make sure we were registered before the system went live.
Right. How are you going to enforce *anything* on the Internet? Every single RFC in existence is optional, at best. Every single black list is certainly optional. And until you can control the entire Internet and operate the mail servers for everyone in the world, there's no way in hell that you're going to get everyone to subscribe to the same white list. Sorry, guy. Ain't gonna happen.
--
Brad Knowles, <brad.knowles@skynet.be>
participants (4)
- Brad Knowles
- Dave Israel
- Robert Blayzor
- sjj@pobox.com