IETF SMTP Working Group Proposal at smtpng.org
Jared Mauch
jared at puck.Nether.net
Wed Aug 21 19:55:41 UTC 2002
If there were some sort of smtp callback pki, as long as
you controlled your dns and server you could do something useful
on that front.
here's an example i gave last night in a private
e-mail:
-- snip --
There is an important need to perform callback but allow for
the ability to protect information from possible spammers for
harvesting/verification.
eg:
220 welcome, but no spam
ehlo spammer
250-callback-secure
250 help
mail from:<spammer at hotmail.com> callback=spammer.example.com
250 ok
rcpt to:<jared at nether.net>
451 try again, pending callback
vs:
220 welcome, but no spam
ehlo spammer
250-callback-secure
250 help
mail from:<spammer at hotmail.com> callback=spammer.example.com
250 ok
rcpt to:<nouser at nether.net>
550 no such user here
there's also the need to do some sort of pki to allow
callback to be secure. eg: the dns record for nether.net should have
some public-key in it and then some other stuff like possibly
mail from:<realuser at hotmail.com> callback=validate.hotmail.com;key=<alkjsdfj>
then pass the 'key' through the public-key available via dns to
provide back an authentication system to allow for more secure
callback.
but this can still be abused depending...
just some thoughts,
-- snip --
- jared
On Wed, Aug 21, 2002 at 02:38:31PM -0500, Larry Rosenman wrote:
>
> What about individuals that run their own mail servers? (E.G. me).?
>
>
>
> On Wed, 2002-08-21 at 14:28, Derek Samford wrote:
> >
> > I really like this. A sort of IRR for mail servers. Maybe when
> > registered it could even check if the server was an open relay, and not
> > allow those servers to be registered until properly configured. Any
> > thoughts?
> >
> > Derek
> >
> > > -----Original Message-----
> > > From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf
> > Of
> > > Mark Segal
> > > Sent: Wednesday, August 21, 2002 3:12 PM
> > > To: 'Robert Blayzor'; nanog at nanog.org
> > > Subject: RE: IETF SMTP Working Group Proposal at smtpng.org
> > >
> > >
> > > > It's almost to the point to where mail servers need their own
> > > > "registrar", sort of the way domains are tracked now, track
> > > > mail servers. Give mail server admins the option to accept
> > > > mail from registered mail servers only or from any mail
> > > > server. Of course there would need to be a ramp up period,
> > > > like six months to a year, to make sure all of your mail
> > > > servers are registered. And of course one should only be
> > > > able to register mail servers if the IP space is actually
> > > > SWIP to them. If the IP space is NOT SWIP, it would need to
> > > > be registered by the customer ISP or via owners rwhois
> > > > server. Just my $.02; for what it's worth....
> > >
> > > Really good idea (no sarcasm, I actually like it).. But what stops
> > > spammers
> > > from registering their mail server?..Ie..
> > > 1) Get a dsl account
> > > 2) Ips get swipped to you
> > > 3) Register the server
> > > 4) SPAM
> > > 5) Apologize, get a second chance
> > > 6) get booted off
> > > 7) Call the next ISP with a zero install
> > > 8) Rinse and repeat.
> > >
> > >
> > > Regards,
> > > Mark
> > >
> > > --
> > > Mark Segal
> > > Director, Data Services
> > > Futureway Communications Inc.
> > > Tel: (905)326-1570
> >
> --
> Larry Rosenman http://www.lerctr.org/~ler
> Phone: +1 972-414-9812 E-Mail: ler at lerctr.org
> US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
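
The two exchanges in the message above, as an added receiver-side sketch in Python (not code from the thread or from any mail server). The `callback=` and `key=` parameters follow the message's proposal and are not a registered ESMTP extension; the class name, mailbox set, example addresses and the 503/500 replies are assumptions, and the callback itself and any key check are omitted because the message does not specify them.

```python
import re

# Constructed sample mailbox set for this receiver (assumption, not from the thread).
LOCAL_USERS = {"user@example.net"}

# Parameter syntax follows the message: callback=host, optionally ;key=token.
# This is the proposal's sketch, not a registered ESMTP extension.
MAIL_RE = re.compile(
    r"^mail from:<(?P<sender>[^<>\s]+@[^<>\s]+)>"
    r"(?:\s+callback=(?P<host>[a-z0-9.-]+)(?:;key=(?P<key>[^\s;]+))?)?$",
    re.IGNORECASE,
)
RCPT_RE = re.compile(r"^rcpt to:<(?P<rcpt>[^<>\s]+@[^<>\s]+)>$", re.IGNORECASE)


class CallbackReceiver:
    """Receiver side of the sketched exchange, for one SMTP transaction."""

    def __init__(self, local_users):
        self.local_users = {u.lower() for u in local_users}
        self.sender = None
        self.callback_host = None
        self.callback_key = None
        self.pending = []  # (sender, rcpt, callback_host) awaiting a callback

    def handle(self, line):
        line = line.strip()
        m = MAIL_RE.match(line)
        if m:
            self.sender = m["sender"]
            self.callback_host = m["host"].lower() if m["host"] else None
            self.callback_key = m["key"]  # opaque here; verification is unspecified
            return "250 ok"
        m = RCPT_RE.match(line)
        if m:
            if self.sender is None:
                return "503 need mail from first"
            rcpt = m["rcpt"].lower()
            if rcpt not in self.local_users:
                return "550 no such user here"
            if self.callback_host is None:
                # No callback host offered: local policy decides (assumption: accept).
                return "250 ok"
            # Known mailbox: defer until the callback to the named host completes.
            self.pending.append((self.sender, rcpt, self.callback_host))
            return "451 try again, pending callback"
        return "500 unrecognized command"
```
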