
Mail Service Quality Support: CSV and BATV

APCAUCE/APRICOT – Kyoto 2005. Dave Crocker, Brandenburg InternetWorking, bbiw.net.


Presentation Transcript


  1. Mail Service Quality Support: CSV and BATV. APCAUCE/APRICOT – Kyoto 2005. Dave Crocker, Brandenburg InternetWorking, bbiw.net

  2. Certified Server Validation (CSV): Assess Peer MTA Operation
     • Does a Domain Name Manager authorize this client MTA to be sending email?
     • Does an independent accreditation service consider domain manager's practices to be adequate, for controlling email abuse?
     [Diagram labels: MUA, MSA, MTA, Peer MTA, MDA, MUA]

  3. CSV Process
     1. Identify
        • SMTP HELO client.example.com
        • IP Source Address
     2. Authenticate
     3. Authorize
        • SRV _client._smtp.client.example.com
        • Authorized / Not Authorized as MTA
        • [ AddInfo (or A): IP Address valid ]
        • [ AddInfo (PTR): accred1.example1.net, accred2.example2.net ]
     4. Accredit
        • A) Consult private lists, or
        • B) SRV client.example.com.accred1.example1.net
        • Nice / Nasty
     [Diagram labels: Sending MTA (Client MTA), Receiving MTA (Server MTA), DNS]

  4. CSV Usage
     • Sending MTA Network Operator
        • Register authorized MTAs in CSV SRV DNS
        • [ Register “explicit” record, for default “not authorized” ]
     • Sending MTA Client
        • Use EHLO authorized domain name
     • Receiving MTA Server
        • Query CSA SRV for Client domain name
        • [ Query CSA SRV for Client domain name ‘explicit’ record ]
        • Query private table or public DNA PTR record

  5. Bounce Address Tag Validation (BATV): Detecting Forged 2821.MailFrom
     • Digital signature of bounce address
        • Key is based on domain portion of address
     • Multiple schemes permitted
        • First one is simple and private to the originating system
     • Meta-syntax on LHS (local-part) for parameters
        • Permits finding mailbox without understanding signature, but entire string (with meta-syntax) must be used as bounce
        • Hard limit of 64 bytes for total of local-part
     Example:
        mailbox@example.com
        batv=mailbox/scheme/parameters@example.com

  6. Bounce Address Evaluation Venues
     [Diagram labels: Sign MailFrom, Intermediate Relay, Bounce Generation, Bounce Receipt; nodes: MSA, MTA, MDA]

  7. First Scheme: PSB0
     • Private Signed Bounce, version zero
     • Detect invalid received bounces
     • Interpreted only by issuer
     • Limited replay protection
     sig-val = key-id, encrypt ( bounce address, timestamp, random-string )

  8. Approach for “Public Key” Schemes
     • Allows interpretation by Relays earlier in the sequence
     • Requires PK infrastructure
     • Will be based on a content-signing standard, when available
     • Link to content permits strong replay protection
     • Tune computation to MailFrom’s limitations
        • E.g., hash the signature into a short string.

  9. To Follow Up…
     • CSV and BATV
        • Mailing list and specifications: mipassoc.org/clear
        • Certified Server Validation (CSV): draft-ietf-marid-csv-intro-02
        • Client SMTP Authorization (CSA): draft-ietf-marid-csv-csa-02
        • Domain Name Accreditation (DNA): draft-ietf-marid-csv-dna-02
        • Bounce Address Tag Validation (BATV): draft-levine-mass-batv-00
     • Email architecture
        • bbiw.net/specifications/draft-crocker-email-arch-03.html
        • Internet Mail Architecture: draft-crocker-email-arch-03
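
An added example, not from the slides or the BATV draft: a sketch of the private-scheme flow on slides 5 and 7, tagging the MailFrom local-part on submission and checking it when a bounce arrives, including the 64-byte limit and tag expiry. It substitutes a truncated HMAC for the slide's encrypt(...); the dot-separated parameter layout, the key table and the 7-day window are assumptions.

```python
import hashlib, hmac, os, time

MAX_LOCAL_PART = 64                       # hard limit stated on slide 5
MAX_AGE_DAYS = 7                          # assumed validity window
KEYS = {"0": b"constructed-demo-secret"}  # key-id -> secret (constructed)

def _mac(key_id, mailbox, domain, day, nonce):
    # Stand-in for the slide's encrypt(bounce address, timestamp, random-string)
    msg = f"{mailbox}@{domain}/{day}/{nonce}".lower().encode()
    return hmac.new(KEYS[key_id], msg, hashlib.sha256).hexdigest()[:12]

def sign(mailbox, domain, key_id="0", now=None, nonce=None):
    """Build batv=mailbox/scheme/parameters@domain for an outgoing MailFrom."""
    day = int((time.time() if now is None else now) // 86400)
    nonce = nonce or os.urandom(3).hex()
    tag = _mac(key_id, mailbox, domain, day, nonce)
    local = f"batv={mailbox}/psb0/{key_id}.{day}.{nonce}.{tag}"
    if len(local.encode()) > MAX_LOCAL_PART:
        raise ValueError("tagged local-part exceeds 64 bytes")
    return f"{local}@{domain}"

def verify(address, now=None):
    """Return the original mailbox if the bounce address is validly tagged, else None."""
    local, _, domain = address.rpartition("@")
    if not local.startswith("batv=") or len(local.encode()) > MAX_LOCAL_PART:
        return None                       # untagged or oversized: not one of ours
    try:
        mailbox, scheme, params = local[5:].rsplit("/", 2)
        key_id, day, nonce, tag = params.split(".")
        day = int(day)
    except ValueError:
        return None                       # malformed meta-syntax
    if scheme.lower() != "psb0" or key_id not in KEYS:
        return None
    today = int((time.time() if now is None else now) // 86400)
    if not 0 <= today - day <= MAX_AGE_DAYS:
        return None                       # expired: limits replay of old tags
    expected = _mac(key_id, mailbox, domain, day, nonce)
    return mailbox if hmac.compare_digest(tag.encode(), expected.encode()) else None
```

A receiving system would call `verify()` only on messages with a null reverse-path (bounces) and reject or quarantine those for which it returns `None`.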
