Introduction to CSV by gregoria


									MIPA

Bounce Address Tag Validation (BATV)

“Was use of the bounce address authorized?”
D. Crocker
Brandenburg InternetWorking
mipassoc.org/batv
11/26/2004 1:39 PM

Basic Email Roles
Who: Specified in
Originator (author): Content From or Resent-From
Submitter into transfer service: Content Sender or Resent-Sender
Return address (bounces): Envelope Mail-From; and Content Return-Path
Sending Relay: Envelope HELO or EHLO; and Content Received header
Receiving Relay: Content Received header
Introduction to BATV

Bounce Addresses Abuse
Redirecting flood of bounces
  Spam sends to many invalid addresses, thereby causing masses of bounces.
  Spammers specify stray bounce addresses – like yours – just to get the traffic off the sending service

Backdoor trojan
  Bounce message, itself, might contain dangerous content

Denial of service
  The flood of messages can cripple the bounce receiving site

Original Path and Bounce Path
[Diagram: original path: Originator MUA, MSA, MTA, MTA, MTA, Recipient MDA (“No such mailbox”); bounce path: MTA, MTA, Bounce MDA]

Mail Agents
  MUA = User
  MSA = Submission
  MTA = Transfer
  MDA = Delivery

Bounce Address Validation Goals
Bounce recipient delivery agent
  Should I deliver this bounce?

Bounce originator
  Should I create this bounce?

And by the way…
  If the bounce address is invalid, the entire message is probably invalid
  If we can detect forged mail, we do not need to worry about its bounce address

BATV
Sign envelope Mail-From address
  Protect against simple forgery
  Possibly protect against unauthorized re-use of signature

Submission Agent adds signature to bounce address
  MAIL FROM
  mailbox@domain ⇒ sig-scheme=mailbox/sig-data@domain

Multiple signature schemes
  Private – can only be validated by signer’s admin
  Public – can be validated by relays on original path

A Private BATV Signature
Originating site uses any signing scheme
BATV specification provides a simple version
  prvs=joe-user/tag-val@example.com
  tag-type = "prvs"
  tag-val = Encryption of (day address will expire, original mailbox@domain)
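
The private scheme above, and the delivery agent's "Should I deliver this bounce?" decision, as an added example that is not from the slides or the BATV draft. It substitutes a truncated HMAC-SHA256 over (expiry day, original address) for the "encryption" the slide names; the day-mac layout of tag-val, the key, the 7-day lifetime and the function names are assumptions.

```python
import hashlib
import hmac
import time

DAY = 86400
SECRET = b"constructed-demo-key"  # assumption: secret held only by the signing site

def _mac(key, expiry_day, address):
    # Keyed MAC over (day address will expire, original mailbox@domain).
    msg = f"{expiry_day}:{address.lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:12]

def sign(address, key=SECRET, now=None, lifetime_days=7):
    """mailbox@domain -> prvs=mailbox/tag-val@domain (tag-val = day-mac, assumed layout)."""
    mailbox, domain = address.rsplit("@", 1)
    today = int((time.time() if now is None else now) // DAY)
    expiry = today + lifetime_days
    return f"prvs={mailbox}/{expiry}-{_mac(key, expiry, address)}@{domain}"

def validate(rcpt, key=SECRET, now=None):
    """Return the original address for a valid, unexpired tag, else None."""
    local, _, domain = rcpt.rpartition("@")
    if not local.startswith("prvs=") or "/" not in local:
        return None  # untagged: this site never sent mail with this bounce address
    mailbox, _, tag_val = local[len("prvs="):].rpartition("/")
    day, _, mac = tag_val.partition("-")
    if not (day.isascii() and day.isdigit()):
        return None
    original = f"{mailbox}@{domain}"
    expected = _mac(key, int(day), original)
    # Constant-time comparison; verify the MAC before trusting the expiry day.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    today = int((time.time() if now is None else now) // DAY)
    return original if today <= int(day) else None

if __name__ == "__main__":
    NOW = 12748 * DAY  # constructed clock: 2004-11-26 UTC
    tagged = sign("joe-user@example.com", now=NOW)
    print(tagged)
    print(validate(tagged, now=NOW))                   # valid tag
    print(validate("joe-user@example.com", now=NOW))   # untagged bounce address
    print(validate(tagged, now=NOW + 8 * DAY))         # tag past its expiry day
```

Because the expiry day is covered by the MAC, a captured tag cannot be extended, which is what limits re-use of a signature.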

Public BATV Signature
Same style as for private key approach
  Except that originating site uses private key and the evaluating site must obtain the public key

Public key distribution is the core difficulty
  Therefore, piggyback the effort on an existing message encryption effort, like DomainKeys and Identified Internet Mail
  Unfortunately, no existing public key-based message signing effort has widespread support… yet


Object vs. Channel
BATV
  Protect the sensitive data directly
  [Diagram: Secure Mail relayed through MTAs]

Path Registration
  Protect the sensitive data by certifying the relays handling it
  [Diagram: Mail relayed through Secure MTAs]

Status
Several rounds of specification and open comment
Beginning to solicit experimental implementations
Plan to pursue IETF standardization


To follow-up…
Mailing list
  http://mipassoc.org/mailman/listinfo/ietf-clear

BATV specification
  http://ietf.org/internet-drafts/…
  Bounce Address Tag Validation (BATV)
  draft-levine-mass-batv-00.txt

Internet mail architecture
  draft-crocker-email-arch-01.txt
