X-ASVP Technical Overview eXtensible Anti-spam Verification Protocol X-ASVP Committee Technical Working Group July 22, 2007.

Slides:

Advertisements

Similar presentations

Draft-ietf-eai-mailinglist-00.txt Mailing Lists and Internationalized Addresses IETF66 Montreal – July 11, 2006 Edmon Chung, Afilias

Advertisements

TrustPort Net Gateway traffic protection. Keep It Secure Entry point protection –Clear separation of the risky internet and secured.

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

DNSSEC & Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.

IPv6: The Future of the Internet? July 27th, 1999 Auug.

© UPU 2014 – All rights reserved Mitigating online risk for postal e-services.

Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Application Layer – Lecture.

Chapter Extension 7 How the Internet Works © 2008 Prentice Hall, Experiencing MIS, David Kroenke.

Chapter 29 Structure of Computer Names Domain Names Within an Organization The DNS Client-Server Model The DNS Server Hierarchy Resolving a Name Optimization.

Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security

Cornell CS502 Web Basics and Protocols CS 502 – Carl Lagoze Acks to McCracken Syracuse Univ.

1 Enhancing Address Privacy on Anti-SPAM by Dou Wang and Ying Chen School of Computer Science University of Windsor October 2007.

Technion – Israel Institute of Technology Department of Electrical Engineering Software Lab Remote Mailbox based on.NET technology Michael and Eugene Shamis.

1 Secure DNS Solutions Rooster. 2 Introduction What does security mean for DNS? What security problems exist for DNS, what is being done about them, and.

CORDRA Philip V.W. Dodds March The “Problem Space” The SCORM framework specifies how to develop and deploy content objects that can be shared and.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Belnet Antispam Pro A practical example Belnet – Aris Adamantiadis BNC – 24 November 2011.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.

Message preparation Word processing Annotation Message sending User directory Timed delivery Multiple addressing Message priority Status information.

Overview What are the provisioning methods used in the Australian registry system? How are these provisioning systems secured?

Review of Last Session Search Engine Optimisation (SEO) Search Engine Optimisation (SEO) You can fine-tune your site so that the search engines notice.

Identity Based Sender Authentication for Spam Mitigation Sufian Hameed (FAST-NUCES) Tobias Kloht (University of Goetingen) Xiaoming Fu (University.

CensorNet Ltd An introduction to CensorNet Mailsafe Presented by: XXXXXXXX Product Manager Tel: XXXXXXXXXXXXX.

1 Domain Name System (DNS). 2 DNS: Domain Name System Internet hosts: – IP address (32 bit) - used for addressing datagrams – “name”, e.g.,

Intro to Computer Networks Internet and Networking Terms Bob Bradley The University of Tennessee at Martin.

SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8.

Internet Applications  DNS   TELNET  FTP  Web browsing.

Electronic Mail Originally –Memo sent from one user to another Now –Memo sent to one or more mailboxes Mailbox –Destination point for messages.

Wireless and Security CSCI 5857: Encoding and Encryption.

DNS-based Message-Transit Authentication Techniques D. Crocker Brandenburg InternetWorking D. Crocker Brandenburg InternetWorking.

1.1 What is the Internet What is the Internet? The Internet is a shared media (coaxial cable, copper wire, fiber optics, and radio spectrum) communication.

Networks – Network Architecture Network architecture is specification of design principles (including data formats and procedures) for creating a network.

COMP 655: Distributed/Operating Systems Summer 2011 Dr. Chunbo Chu Week 10: Web 10/6/20151Distributed Systems - COMP 655.

Forensic and Investigative Accounting Chapter 14 Internet Forensics Analysis: Profiling the Cybercriminal © 2005, CCH INCORPORATED 4025 W. Peterson Ave.

Module 6 Planning and Deploying Messaging Security.

Sympa Mailing List Server

The Internet TCIP/IP  TCP/IP stands for Transmission Control Protocol/Internet Protocol, which is a set of networking protocols that allows two or more.

TCP/IP Transport and Application (Topic 6)

 2004 Prentice Hall, Inc. All rights reserved. 1 Segment – 6 Web Server & database.

1 SMTP - Simple Mail Transfer Protocol –RFC 821 POP - Post Office Protocol –RFC 1939 Also: –RFC 822 Standard for the Format of ARPA Internet Text.

Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.

1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.

EAI WG meeting IETF-65, March 20, Agenda 17:40 Welcome, blue sheet, scribe, agenda bashing 17:50 Review of WG charter (approved) 17:55 Problem/framing:

Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012.

Source pictures for document ”Thoughts about increasing spam annoyance” by License: This material may be distributed only subject.

X-ASVP Executive Overview eXtensible Anti-spam Verification Protocol X-ASVP Committee Technical Working Group July 25, 2007.

Patrik Fältström. ITU Tutorial Workshop on ENUM. Feb 8, 2002, Geneva Explanation of ENUM (RFC 2916) Patrik Fältström Area Director, Applications Area,

Copyright ©2015 WatchGuard Technologies, Inc. All Rights Reserved WatchGuard Training WatchGuard XCS What’s New in version 10.1.

Protocols COM211 Communications and Networks CDA College Olga Pelekanou

IDN UPDATE Tina Dam ICANN Chief gTLD Registry Liaison Public Forum, Wellington 30 March 2006.

Query Health Technical WG Update 1/12/2011. Agenda TopicTime Slot Administrative stuff and reminders2:00 – 2:05 pm Specification Updates QRDA HQMF Query.

Chapter 16: Distributed Applications Business Data Communications, 4e.

Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy

Module 5: Managing Addresses and Address Lists.

1 Review – The Internet’s Protocol Architecture. Protocols, Internetworking & the Internet 2 Introduction Internet standards Internet standards Layered.

IETF sec - 1 Security Work in the IETF Scott Bradner Harvard University

Data and Computer Communications Tenth Edition by William Stallings Data and Computer Communications, Tenth Edition by William Stallings, (c) Pearson Education.

Universal Acceptance: APNIC system readiness Byron Ellacott Senior Software Architect.

Uniform Resource Locator URL protocol URL host Path to file Every single website on the Internet has its own unique.

CIW LESSON 7 PART A. INTRODUCTION TO BUSINESS ELECTRONIC MAIL The use of has given rise to the term ______________________, which is a slang term.

July 19, Secure Messaging Models Co-existence and Interoperability Russell W. Chung New York, NY July 19, 2005.

SMTP: simple mail transfer protocol

Roadrunner Error 530 Call 1 (888) Toll-free

Misc. Security Items.

Social Media And Global Computing Sending

How to Send an Encrypted in Gmail on Android? | Hotmail Customer Service Number

Presentation transcript:

X-ASVP Technical Overview eXtensible Anti-spam Verification Protocol X-ASVP Committee Technical Working Group July 22, 2007

Agenda Authentication Issues resolved by X-ASVP What the X-ASVP protocol does X-ASVP Approach X-ASVP Process flow URL “search path” algorithm Meta-document example What the protocol does not do Implementation resources

Issues resolved by X-ASVP SMTP does not include sender authentication Does not require modification to end-user interface – Current “add-on” authentication systems require end users to send from a specific SMTP server. – Multiple authentication systems are in use: SPF (RFC 4408), Sender-ID (RFC 4406), DKIM (RFC 4871) – IETF approved experimental RFC’s 4405, 4406, 4407, 4408 for SPF and Sender-ID for a two year period

What the protocol does Defines a “search-path” for finding a meta- document associated to an address Defines syntax for meta-document entities Defines syntax for X-ASVP mail header Provides a framework for Level 1 extensions to the protocol

X-ASVP Approach X-ASVP Algorithm produces 3 URL’s for any address (domain, tld, global) Authentication is accomplished by the sender visiting the recipient’s web server Recipient meta-document can contain multiple items: – Do Not Registry preference ( UCE ) – Authentication token (Level 1: ASVP-WEB) – Public Key (asymmetric encryption – PGP )

X-ASVP Process Flow Recipient posts an X-ASVP meta-document Sender collects recipient preferences from the posted meta-document (uses setting applicable to desired SMTP transaction ) – Bulk mail ( “legal” senders will follow UCE setting) – ASVP-WEB ( “token” included in mail header ) – PGP ( public key available on meta-document )

X-ASVP URL Algorithm Goals: Distributed, Redundant, Universal Hosts: 1. the domain, 2. top level domain, 3. global Rules: 1. All alpha converted to uppercase, 2. non-alpha numeric converted to underscore Example: – – –

Meta-document example Token for Level 1 “ASVP-WEB” extension Do Not “Registration” Asymmetric encryption public key

Solution Data Flow

What the protocol does NOT do Does not limit the data that can be placed on a meta- document (syntax includes the container ) Does not limit extensions within the Level 1 method Does not define the algorithm for creating Level 1 data fields (for example, the “ASVP-WEB” token) Does not define the algorithm for verification of tokens

Implementation Resources ISP Implementation Details ( ) – DNS entry (x-asvp.domain.tld) – Web server virtual host – Meta-document generator script (example on committee website) – UCE setting (syntax available on committee website) Individual Implementation Details – Individuals can join the X-ASVP committee – Member TLD providers will host meta-documents for members of the committee