The IP address of the SMTP client can be found within an ASN to uncover a network provider. Helos might verify, which may then also identify a domain used by a network provider's customer. Of course the host names within the reverse PTR may also verify as well. Identifying the network provider is perhaps the most reliable, as an IP address represents a basic element of message interchange and routing. Bulk Unsolicited Messages (BUMs) can cause great harm. BUMs represent a great preponderance of message volume, and place a growing burden on recipients. These messages can also directly infect systems and offer links that might then exploit thousands of flaws existing in browsers. The United State's CAN-SPAM act of 2003 permits BUMs as long as the recipients can find valid headers and a link contained within the message. Without BUMs being universally illegal, only network provider's enforcement of AUPs prohibiting this activity protects the Internet. About 2% of email sources send BUMs that represent more than 80% of the volume. Once even more network providers decide to profit from revenues obtained carrying BUMs, then very rapidly the Internet is likely to suffer a breakdown created by unrestrained greed. Rejecting messages from abusive sources as quickly as possible is not likely to keep pace with the rising levels of BUMs and their changing strategies. Rather than applying pressure on network providers to enforce protective AUPs prohibiting BUMs, some believe identifying individuals sending messages will allow a greater portion of BUMs to be blocked. The concept of using domain identification techniques has already been countered with domain tasting at a daily churn of as much as 5% of existing domains. SPF, Sender-ID, and DKIM offers domain identifiers that can point to a network provider's customer's customer. Thomas Nast created a cartoon that captures the situation rather well. http://www.spartacus.schoolnet.co.uk/USAnast3.jpg Efforts failing to identify those actually transmitting messages are disheartening, as these methods overlook significant risks imposed by the redirection tactics. This tactics also assume someone else will deal with the BUM problem. The more removed from who is transmitting the message, the less likely any enforcements efforts will be effective in the milli-second Blitz Kreig being waged. SPF/Sender-ID uses a DNS based script language that allows the local-part of an email address to modify a tremendous number of DNS transactions generated from one cached record. SPF actually allows DDoS to be generated by BUMs free for the attacker, and nearly impossible to trace. DKIM started out as a good idea, but lacks a means to identify who is transmitting the message. Limitations imposed by DKIM require email-address domain owners to submit private keys to their email-providers. Don't worry about the replay problem, as some claim Sender-ID has that covered. Both of these schemes require acceptance of the entire message, which preclude any relief from a BUM onslaught. Organizations created by providers with a goal to offer solutions have instead decided to ignore risks and offer solutions unlikely to even prevent spoofing, let alone make a dent in the BUM problem. Australia's Spam Act of 2003 makes it illegal to send even one unsolicited commercial email to Australia. The maximum daily penalty is $1.1 million for companies and $220,000 for individuals or anyone knowingly involved. At least the Aussies appear to grok the severity of the problem. -Doug _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf
