This is a general query to users of TMDA or other challenge-response systems, just to get a sense of whether the end-users think the following idea is a good one or a bad one.
If a given sender is well-identified and is known to have a good anti-spam policy in force, should mail from that server be exempt from challenge-response and delivered straight to the end-user? Would you configure your system that way? Should software (like TMDA) be configured that way by default?

This is a little vague (on purpose) because I'm trying to find out the opinion of the idea in general, rather than just one implementation, but I'll give a couple of examples.

The company IronPort Systems (http://www.ironport.com/) is beta-testing the system they call Bonded Sender(TM). See http://www.bondedsender.com/ and http://www.bondedsender.org/, where organizations put up money up front that will get debited for any verified complaints (there is a dispute resolution process). This seems a good idea for businesses (at least medium-sized and larger), although it may be too pricey for small businesses, individuals, non-profits, third-world businesses, etc.

I'm not connected with IronPort in any way, by the way. My employer may consider participating if there is enough utility. For example, it would be great if this really got us past all anti-spam software, including challenge-response systems. (I should emphasize that we DO NOT send spam; we send things like invoices and lab results to users who have specifically signed up for them.) I realize that challenge-response systems have mechanisms for pre-authorizing senders, but I think that many users will find these too complicated and that the error rate will be high.

The implementation of BondedSender(TM) uses the DNS system. Specifically, you would look up the SMTP sender (just the last one before it enters your domain) in a domain controlled by IronPort. E.g. to check if SMTP server 192.168.1.2 was a Bonded Sender, you would query for A records for 2.1.169.192.query.bondedsender.org. (Obviously this would leave dynamic IP addresses out.)

Besides this specific system, other implementations are possible, e.g. cryptographic. An SMTP-over-TLS server can be identified by its certificate, although that by itself doesn't guarantee any given anti-spam policy. Also, individual messages can be digitally signed, which is advantageous for other reasons.

The issue of what kind of certificate to accept is very important. I'm told that many SMTP-over-TLS sessions use self-signed certificates, which do provide some protection against eavesdropping, but don't provide any guarantee of identity. There are also some CAs that provide free certificates for encrypting and signing email, but only certify that the certificate holder had a given email address (at the time the certificate was issued).

The advantages I see to exempting "certified" senders are these:

1) automated mailings from certified senders will go through without special intervention required.
2) individuals would need to respond to fewer challenges and have fewer valid messages in their pending queue
3) could reduce the challenge-to-forged-from-address problem (*).

I think that it is possible that challenge-response systems could act as a bridge between unauthenticated SMTP systems (currently all), and the brave, new world of authenticated email. The fact that people find challenge-response systems slightly annoying, and some people (I won't name names) find them very annoying, could actually act as a stimulus to people going through the hassle and expense of authenticating.

So, what do you guys think? Would you consider exempting (e.g.) BondedSenders? What about messages that merely have identified senders, but aren't linked to an anti-spam policy?

Ken Hirsch

(*) I think I should explain my thinking on item (3). If a message comes with a "From" address that indicates it is from a trusted domain, but the IP address of the SMTP server indicates otherwise, then a challenge message should not be sent and the message discarded. Ideally, there should be a reject (55x) message during the SMTP session with informative text (but not a challenge). I realize that most challenge-response systems currently act after the SMTP session has terminated, in which case there is danger of losing a valid message.

_____________________________________________
tmda-users mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-users
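The DNS lookup and the deliver / challenge / reject decision discussed in the message above (including footnote (*)), as an added example that is not part of the original post and is not TMDA or IronPort code. It assumes a hypothetical locally maintained set `certified_domains` of domains known to send only through listed servers; the resolver is injectable so the sample run uses a constructed stand-in instead of live DNS, and all addresses are constructed documentation-range values.

```python
import ipaddress
import socket
from email.utils import parseaddr

ZONE = "query.bondedsender.org"  # lookup zone named in the post


def query_name(ip, zone=ZONE):
    """Build the DNSBL-style name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on non-IPv4 input
    return ".".join(reversed(octets)) + "." + zone


def dns_has_a_record(name):
    """Default resolver: True if the name resolves to at least one A record."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:  # NXDOMAIN, timeout, no network
        return False


def classify(peer_ip, from_header, certified_domains, has_a_record=dns_has_a_record):
    """Return 'deliver', 'reject' or 'challenge' for one incoming message.

    peer_ip is the last SMTP hop before the message entered the local domain.
    certified_domains is a hypothetical local set (an assumption of this example).
    """
    if has_a_record(query_name(peer_ip)):
        return "deliver"  # listed server: skip the challenge
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain in certified_domains:
        # From claims a certified domain but the server is not listed: likely
        # forged, so answer 55x in-session rather than challenge the address.
        return "reject"
    return "challenge"  # unknown sender: normal challenge-response path


if __name__ == "__main__":
    # Constructed stand-in for the DNS zone: only 192.0.2.25 is "listed".
    listed = {query_name("192.0.2.25")}
    samples = [
        ("192.0.2.25", "Billing <billing@lab.example>"),
        ("198.51.100.7", "Billing <billing@lab.example>"),
        ("198.51.100.7", "someone@other.example"),
    ]
    for ip, sender in samples:
        verdict = classify(ip, sender, {"lab.example"}, lambda n: n in listed)
        print(ip, sender, "->", verdict)
```

The `reject` outcome is only safe when the check runs during the SMTP session; a system that acts after the session has ended can only discard, which is the lost-message risk the footnote mentions.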
