1 / 11

Bounce Address Tag Validation (BATV) “ Was use of the bounce address authorized?”

MIPA. Bounce Address Tag Validation (BATV) “ Was use of the bounce address authorized?”. D. Crocker Brandenburg InternetWorking mipassoc.org/batv 9/23/2014 8:32 PM. Basic Email Roles. Bounce Addresses Abuse. Redirecting flood of bounces

tallis
Download Presentation

Bounce Address Tag Validation (BATV) “ Was use of the bounce address authorized?”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MIPA Bounce Address Tag Validation (BATV) “Was use of the bounce address authorized?” D. Crocker Brandenburg InternetWorking mipassoc.org/batv 9/23/2014 8:32 PM

  2. Basic Email Roles D. Crocker Introduction to BATV

  3. Bounce Addresses Abuse • Redirecting flood of bounces • Spam sends to many invalid addresses, thereby causing masses of bounces. • Spammers specify stray bounce addresses – like yours -- just to get the traffic off the sending service • Backdoor trojan • Bounce message, itself, might contain dangerous content • Denial of service • The flood of messages can cripple the bounce receiving site D. Crocker Introduction to BATV

  4. BounceMDA MTA MTA MTA MTA MTA “No such mailbox” RecipientMDA Original Path and Bounce Path MUA OriginatorMSA Mail Agents MUA = User MSA = Submission MTA = Transfer MDA = Delivery D. Crocker Introduction to BATV

  5. Bounce Address Validation Goals • Bounce recipient delivery agent • Should I deliver this bounce? • Bounce originator • Should I create this bounce? • And by the way… • If the bounce address is invalid, the entire message is probably invalid • If we can detect forged mail, we do not need to worry about its bounce address D. Crocker Introduction to BATV

  6. BATV • Sign envelope Mail-From address • Protect against simple forgery • Possibly protect against unauthorized re-use of signature • Submission Agent adds signature to bounce address MAIL FROM mailbox@domain MAIL FROM sig-scheme=mailbox/sig-data@domain • Multiple signature schemes Private – can only be validated by signer’s admin Public – can be validated by relays on original path D. Crocker Introduction to BATV

  7. A Private BATV Signature • Originating site uses any signing scheme • BATV specification provides a simple version prvs=joe-user/tag-val@example.com tag-type = “prvs" tag-val = Encryption of(day address will expire,original mailbox@domain) D. Crocker Introduction to BATV

  8. Public BATV Signature • Same style as for private key approach • Except that originating site uses private key and the evaluating site must obtain the public key • Public key distribution is the core difficulty • Therefore, piggyback the effort on an existing message encryption effort, like DomainKeys and Identified Internet Mail • Unfortunately, no existing public key-based message signing effort has widespread support… yet D. Crocker Introduction to BATV

  9. Secure Secure Secure Secure MTA MTA MTA MTA MTA MTA MTA Secure MTA Secure MTA MTA Secure Secure MTA MTA MTA MTA Secure Mail Secure Mail Mail Mail Mail Mail Object vs. Channel BATV Path Registration Protect the sensitive data by certifying the relays handling it Protect the sensitive data directly Mail Mail D. Crocker Introduction to BATV

  10. Status • Several rounds of specification and open comment • Beginning to solicit experimental implemtations • Plan to pursue IETF standardization D. Crocker Introduction to BATV

  11. To follow-up… • Mailing list http://mipassoc.org/mailman/listinfo/ietf-clear • BATV specification http://ietf.org/internet-drafts/… • Bounce Address Tag Validation (BATV) draft-levine-mass-batv-00.txt • Internet mail architecture • draft-crocker-email-arch-01.txt D. Crocker Introduction to BATV

More Related