[51149] in North American Network Operators' Group
Re: IETF SMTP Working Group Proposal at smtpng.org
daemon@ATHENA.MIT.EDU (Jared Mauch)
Wed Aug 21 16:15:11 2002
Date: Wed, 21 Aug 2002 15:55:41 -0400
From: Jared Mauch <jared@puck.Nether.net>
To: Larry Rosenman <ler@lerctr.org>
Cc: Derek Samford <dsamford@fastduck.net>,
"'Mark Segal'" <MSegal@FUTUREWAY.CA>,
"'Robert Blayzor'" <rblayzor@inoc.net>, nanog@nanog.org
In-Reply-To: <1029958722.1151.20.camel@lerlaptop.iadfw.net>
Errors-To: owner-nanog-outgoing@merit.edu
If there were some sort of smtp callback pki, as long as
you controlled your dns and server you could do something useful
on that front.
here's an example i gave last night in a private
e-mail:
-- snip --
There is an important need to perform callback but allow for
the ability to protect information from possible spammers for
harvesting/verification.
eg:
220 welcome, but no spam
ehlo spammer
250-callback-secure
250 help
mail from:<spammer@hotmail.com> callback=spammer.example.com
250 ok
rcpt to:<jared@nether.net>
451 try again, pending callback
vs:
220 welcome, but no spam
ehlo spammer
250-callback-secure
250 help
mail from:<spammer@hotmail.com> callback=spammer.example.com
250 ok
rcpt to:<nouser@nether.net>
550 no such user here
there's also the need to do some sort of pki to allow
callback to be secure. eg: the dns record for nether.net should have
some public-key in it and then some other stuff like possibly
mail from:<realuser@hotmail.com> callback=validate.hotmail.com;key=<alkjsdfj>
then pass the 'key' through the public-key available via dns to
provide back an authentication system to allow for more secure
callback.
but this can still be abused depending...
just some thoughts,
-- snip --
- jared
On Wed, Aug 21, 2002 at 02:38:31PM -0500, Larry Rosenman wrote:
>
> What about individuals that run their own mail servers? (E.G. me).?
>
>
>
> On Wed, 2002-08-21 at 14:28, Derek Samford wrote:
> >
> > I really like this. A sort of IRR for mail servers. Maybe when
> > registered it could even check if the server was an open relay, and not
> > allow those servers to be registered until properly configured. Any
> > thoughts?
> >
> > Derek
> >
> > > -----Original Message-----
> > > From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Mark Segal
> > > Sent: Wednesday, August 21, 2002 3:12 PM
> > > To: 'Robert Blayzor'; nanog@nanog.org
> > > Subject: RE: IETF SMTP Working Group Proposal at smtpng.org
> > >
> > >
> > > > It's almost to the point to where mail servers need their own
> > > > "registrar", sort of the way domains are tracked now, track
> > > > mail servers. Give mail server admins the option to accept
> > > > mail from registered mail servers only or from any mail
> > > > server. Of course there would need to be a ramp up period,
> > > > like six months to a year, to make sure all of your mail
> > > > servers are registered. And of course one should only be
> > > > able to register mail servers if the IP space is actually
> > > > SWIP to them. If the IP space is NOT SWIP, it would need to
> > > > be registered by the customer ISP or via owners rwhois
> > > > server. Just my $.02; for what it's worth....
> > >
> > > Really good idea (no sarcasm, I actually like it).. But what stops
> > > spammers from registering their mail server?..Ie..
> > > 1) Get a dsl account
> > > 2) Ips get swipped to you
> > > 3) Register the server
> > > 4) SPAM
> > > 5) Apologize, get a second chance
> > > 6) get booted off
> > > 7) Call the next ISP with a zero install
> > > 8) Rinse and repeat.
> > >
> > >
> > > Regards,
> > > Mark
> > >
> > > --
> > > Mark Segal
> > > Director, Data Services
> > > Futureway Communications Inc.
> > > Tel: (905)326-1570
> >
> --
> Larry Rosenman http://www.lerctr.org/~ler
> Phone: +1 972-414-9812 E-Mail: ler@lerctr.org
> US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
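
Added example, not part of the original message or of any SMTP standard: a receiver-side parser for the two MAIL FROM lines shown above, which validates the sender-supplied callback host before any connection to it would be made. The grammar, the `parse_mail_from` name and the comparison of the callback host against the envelope sender's domain are assumptions; the message does not define them.

```python
import re
from typing import NamedTuple, Optional

# Grammar assumed from the message: mail from:<addr> callback=<host>[;key=<token>]
MAIL_RE = re.compile(
    r"^mail from:<(?P<local>[^@<>\s]+)@(?P<domain>[^@<>\s]+)>"
    r"(?:\s+callback=(?P<host>[^;\s]+)(?:;key=<?(?P<key>[^<>;\s]+)>?)?)?\s*$",
    re.IGNORECASE,
)
# Conservative DNS-name check: LDH labels, two or more, last label starts with a letter.
HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
    r"[a-z](?:[a-z0-9-]{0,61}[a-z0-9])?$"
)


class Callback(NamedTuple):
    sender_domain: str
    host: Optional[str]      # None when no callback= parameter was sent
    key: Optional[str]       # opaque token; its PKI meaning is not specified
    host_valid: bool         # syntactically a DNS name, not an IP literal
    in_sender_domain: bool   # host equals, or sits under, the sender's domain


def parse_mail_from(line: str) -> Optional[Callback]:
    """Return the parsed callback data, or None if the command is malformed."""
    m = MAIL_RE.match(line.strip())
    if m is None:
        return None
    domain = m["domain"].lower().rstrip(".")
    host = m["host"].lower().rstrip(".") if m["host"] else None
    valid = bool(host and HOST_RE.match(host))
    # Compare on a label boundary so "evilexample.com" is not "under" example.com.
    inside = valid and (host == domain or host.endswith("." + domain))
    return Callback(domain, host, m["key"], valid, inside)


# First two lines are from the message; the last two are constructed edge cases.
SAMPLES = [
    "mail from:<spammer@hotmail.com> callback=spammer.example.com",
    "mail from:<realuser@hotmail.com> callback=validate.hotmail.com;key=<alkjsdfj>",
    "mail from:<a@example.com> callback=127.0.0.1",
    "mail from:<a@example.com> callback=evilexample.com",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", parse_mail_from(s))
```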