Hi,
Douglas Otis wrote:
There are hundreds of thousands of legitimate SMTP clients in comparison
to hundreds of millions of domains.
My understanding is that recipients are only interested in a few
domain names: their company, their banks, their customers, their
providers, and the like. While they are probably interested in knowing
about such site reputations, they don't want to know how often those
domains' servers change their network settings. Good domain names last
longer than their IPs.
deliberately falsifying the data requires that
"trusted-isp.com" be removed from my set of trustees.
Customers of such providers will still desire their email to be
annotated.
The consistency of requiring perfect reputation of happy-fraud.com is
questionable. If that's my bank, I should probably think about changing.
A package delivered by Fred bearing Sam's return address where Sam
references Fred as being *authorized* does not represent an assurance
that the package is really from Sam. Only when Fred has a reputation of
always checking sender identities against return addresses can there be
any assurance that the return address is valid.
Trusting the return address is only relevant at the transport level,
MUAs should not provide means to issue bounces. Besides, IMHO, it is
Sam's reputation that the recipient should be interested in, not
Fred's. We apparently differ slightly on this subject, but I'd defer
it, as it is not the most relevant point.
[...]
As for tracing spoofing attacks, a MUA sees too little traffic to be
able to do such activity.
It is reasonable to expect the MUA will check the reputation of a few
hundred thousand IP addresses prior to applying annotations.
Here is where I don't follow you. I, for one, don't have a few hundred
thousand messages in my mailbox. In addition most of the messages I
have come from a minority of IP addresses.
There are
techniques that dramatically reduce the size of this list. The
alternative requires much less effective and indirect checks of many
million authorizing domain names.
I must understand you're not talking about a process running on the
MUA, correct?
[...]
The limit on the number of lookups should be low enough to dim DoS
attacks.
The limit of even 10 DNS transactions (without going into how this might
be extended) still represents an attack that does not consume _any_
additional resources of the attacker.
Consuming the attacker's resources is not relevant since they can
outsource them for free.
True. I interpret it as leaving it up to the site admins to decide
their policy. The net result should be that any local part from an
authorized sender is reliable as much as the authorizing domain is
trustworthy.
Agreed. Why bother to check a local-part, especially when these checks
might prove painful to innocent third-parties?
(I tend to appreciate the concealment of local parts as a means to
save horizontal space on the MUA's window...)
Results obtained after inputing the *authenticated IP address* (by way
of TCP interaction) of the SMTP client into mechanisms, such as SPF or
Sender-ID, will be whether or not the SMTP client has been
*authorized*. Only when this SMTP client has a reputation of ensuring
the Mail From or PRA originates from the user of that domain (perhaps
with click-through validation associated with the access account), would
it be safe to annotate a message as originating from the *authorizing*
domain. Attempting to indirectly assess SMTP clients based upon the
authorizing domain makes the assessment orders of magnitude less
effective and more expensive.
I may agree on that even if you didn't specify what techniques would
be used. However, it seems that, even using those optimizations, the
implied volume of data is not what a typical MUA has in its mailboxes.
Thus, it has to rely on an external service. I ask again the same
question: what is the result that such external service delivers?
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf