[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Asrg] 6. Proposals - Challenge/response - CRI

To: "Eric Dean" <eric@purespeed.com>, "Andrew Akehurst" <A.D.Akehurst-99@student.lboro.ac.uk>, <asrg@ietf.org>
Subject: RE: [Asrg] 6. Proposals - Challenge/response - CRI
From: Yakov Shafranovich <research@solidmatrix.com>
Date: Sun, 17 Aug 2003 22:34:13 -0400
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-admin@ietf.org

At 04:40 PM 8/15/2003, Eric Dean wrote:

.............
> My other "first reaction" to the proposal is that the SMTP idea is
> interesting although the use of a 4xx temporary failure code for a
> challenge will of course result in non-compliant sender MTAs
> retrying and repeatedly failing. Of course in the end they'll
> give up and then will the sender's original message bounce back?

I'll let Yakov reply

[Sorry guys for the delay, but with the blackout my company's mail servers went offline and I missed the message.]

The CRI proposal itself proposes the use of SMTP in addition to MIME headers in order to facilitate easier interoperability between two systems that already support CRI. By using the SMTP extension, the receiver's system can forgo the expense of storing the email while the verification process takes place - instead that burden remains on the sender's system.

However, I am assuming that you are referring to "GreyListing" (http://projects.puremagic.com/greylisting/) which rejects the email with a temporary code. While GreyListing rejects email from specific IP/sender/recipient combinations, in C/R systems that would take place for any non-whitelisted message. This is in fact what Peter Key's TitanKey system does, although it rejects the message with a 5xx code.

A normal Internet email system will keep on retrying to send the message depending on settings set by administrator for quite some time (I have seen email systems that go on for over seven days). In the end they will fail and bounce the message to the sender. However, in that case the sender has an option to resend the message once he replied to the challenge. In that case, his email will go through.

NOTE: Keep in mind that the ESMTP extension in the CRI proposal only applies to two systems that both supports CRI. If one of the parties does not support CRI, then everything falls back on MIME headers.

> I'm interested here in the interoperability issues between MTAs
> which support CRI and those which don't. Some more discussion in
> that area would be helpful.

Well..the MIME headers should be transparent...then you still have to write
a clear email message explaining what to do.

One of the things mentioned in the CRI proposals is the possible use of DSNs. DSNs have a human-readable message as well for system that are non-compliant. In CRI enabled systems, the human readable part will contain response directions for non-compliant systems. The machine-readable part will contain CRI headers for systems that support CRI.

Yakov

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Prev by Date: Re: [Asrg] 7. Best Practices - DNSBLs - Article
Next by Date: Re: [Asrg] 2.a.1 Analysis of Actual Spam Data - Experimental Design
Previous by thread: RE: [Asrg] 6. Proposals - Challenge/response - CRI
Next by thread: Re: [Asrg] 6. Proposals - Challenge/response - CRI
Index(es):
- Date
- Thread