[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Asrg] The utility of SPF/RMX/LMAP with Gordon's 'email ACLs' (was Re: HashCash)

Gordon,
I'm just going to pick out a few little points here about how LMAP is
complementary to your permissions system. Note that I agree with the general principles of least privilege for email senders.

1. Reducing zombie population

Likewise, we HAVE to work on cutting down the ease of zombie recruitment,
and I believe that my attachments (and HTML!) permissions list idea
(basically a fine-resolution whitelist) is a *major* step in the right
direction there.
I agree with you here. This goal is very compatible with implementing an LMAP system, because it means you have an authenticated ISP to send (automated) complaints and abuse reports to, and if they're on the ball, the user part will have been authenticated by them, so it becomes a matter of
economics for them to clean up their network, to reduce complaints or to
avoid black-listing because they are abusive to the Internet as a whole.

2. Preventing forgeries getting you infected

Even if one of those familiar senders WERE to get zombie-ized, the fact
that suddenly they're not behaving (SOMETIMES!) the way I expect them to behave is enough to cause the irregular mail to be zapped, EVEN THOUGH the real stuff they still occasionally send me legitimately will still sail through to me just the way it always has.
If one of your legitimate correspondents catches a virus, there are a couple
things that could happen. If they send you a mail directly, odds are it gets blocked by your ACLs. But imagine that the virus instead forges all of the N^2 combinations of To and From using the addresses in the infected users address book. There a chance (however slim) that you have a common acquaintance from whom you'll accept an email that will infect you.
Now add authentication back into the mix:
If the 'vulnerable from' happens to be in another domain, the message will
be rejected at the recipient edge MTA as forged. If it's in the same domain as the already infected person, then the ISP should be authenticating it.
Looks like a win-win proposition to me.

3. Sending back bounces to legitimate senders telling them that they were
out of line.

I don't see any point of E-mailing back (to who? AS IF there were a real
return address!) and telling them what to do to get past my checks!!??
Riiiiiiiight. No, a big part of the whole key to this thing is that the
legitimate senders know that their current behavior is acceptable (perhaps JUST!) and that they may run into problems if they stray too far
from that standard (and different recipients may have set their filters
With LMAP, this works better. You will have a validated return path to send a bounce back to, even after the message has been delivered locally. Thus, if one of your legitimate senders just steps over the line (maybe attaches a JPG that's 1K over what would have been tolerated), they'll get a bounce
saying it wasn't delivered, rather than wondering why you never responded.

Philip Miller

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg