Presentation is loading. Please wait.

Presentation is loading. Please wait.

D. CrockerIntroduction to BATV 1 MIPA Bounce Address Tag Validation (BATV) “Was use of the bounce address authorized?” D. Crocker Brandenburg InternetWorking.

Published bySharyl Blankenship Modified over 9 years ago

Similar presentations

Presentation on theme: "D. CrockerIntroduction to BATV 1 MIPA Bounce Address Tag Validation (BATV) “Was use of the bounce address authorized?” D. Crocker Brandenburg InternetWorking."— Presentation transcript:

1 D. CrockerIntroduction to BATV 1 MIPA Bounce Address Tag Validation (BATV) “Was use of the bounce address authorized?” D. Crocker Brandenburg InternetWorking mipassoc.org/batv 03/08/05 13:13 D. Crocker Brandenburg InternetWorking mipassoc.org/batv 03/08/05 13:13 MIPA

2 D. CrockerIntroduction to BATV 2 MIPA Basic Email Roles Envelope – Mail-From Content – Return-Path Return address (bounces) Content – Received header Receiving Relay Sending Relay Submitter into transfer service Originator (author)Who Content – From/Resent-From Envelope – HELO / EHLO Content – Received header Content – Sender/Resent-Sender Specified in

3 D. CrockerIntroduction to BATV 3 MIPA Bounce Addresses Abuse  Redirecting flood of bounces  Spam sends to many invalid addresses, thereby causing masses of bounces.  Spammers specify stray bounce addresses – like yours -- just to get the traffic off the sending service  Backdoor trojan  Bounce message, itself, might contain dangerous content  Denial of service  The flood of messages can cripple the bounce receiving site  Redirecting flood of bounces  Spam sends to many invalid addresses, thereby causing masses of bounces.  Spammers specify stray bounce addresses – like yours -- just to get the traffic off the sending service  Backdoor trojan  Bounce message, itself, might contain dangerous content  Denial of service  The flood of messages can cripple the bounce receiving site

4 D. CrockerIntroduction to BATV 4 MIPA Evaluation Venues MTA MDA MTA MSA BounceReceipt BounceGenerationBounceGeneration MDA MTA Sign MailFrom Intermediate Relay

5 D. CrockerIntroduction to BATV 5 MIPA Bounce Address Validation Goals  Bounce recipient delivery agent  Should I deliver this bounce?  Bounce originator  Should I create this bounce?  And by the way…  If the bounce address is invalid, the entire message is probably invalid  If we can detect forged mail, we do not need to worry about its bounce address  Bounce recipient delivery agent  Should I deliver this bounce?  Bounce originator  Should I create this bounce?  And by the way…  If the bounce address is invalid, the entire message is probably invalid  If we can detect forged mail, we do not need to worry about its bounce address

6 D. CrockerIntroduction to BATV 6 MIPA BATVBATV  Sign envelope Mail-From address  Protect against simple bounce address forgery  Possibly protect against unauthorized re-use of signature  Submission Agent adds sig to bounce address MAIL FROM mailbox@domain  sig-scheme=/sig-data MAIL FROM sig-scheme= mailbox /sig-data @domain  Multiple signature schemes Symmetric Symmetric – can only be validated by signer’s admin Public Public – can be validated by relays on original path  Sign envelope Mail-From address  Protect against simple bounce address forgery  Possibly protect against unauthorized re-use of signature  Submission Agent adds sig to bounce address MAIL FROM mailbox@domain  sig-scheme=/sig-data MAIL FROM sig-scheme= mailbox /sig-data @domain  Multiple signature schemes Symmetric Symmetric – can only be validated by signer’s admin Public Public – can be validated by relays on original path

7 D. CrockerIntroduction to BATV 7 MIPA A Symmetric BATV Signature  Originating site uses any signing scheme  BATV spec provides a simple version joe-user@example.com  prvs=/tag-val prvs= joe-user /tag-val @example.com tag-val =Encryption of (day address will expire, original mailbox@domain )  Originating site uses any signing scheme  BATV spec provides a simple version joe-user@example.com  prvs=/tag-val prvs= joe-user /tag-val @example.com tag-val =Encryption of (day address will expire, original mailbox@domain )

8 D. CrockerIntroduction to BATV 8 MIPA Public BATV Signature  Same style as for symmetric key approach  Except that originating site uses symmetric key and the evaluating site must obtain the public key  Public key distribution is the core difficulty  Therefore, piggyback the effort on an existing message encryption effort, like DomainKeys and Identified Internet Mail  Unfortunately, no existing public key-based message signing effort has widespread support… yet  Same style as for symmetric key approach  Except that originating site uses symmetric key and the evaluating site must obtain the public key  Public key distribution is the core difficulty  Therefore, piggyback the effort on an existing message encryption effort, like DomainKeys and Identified Internet Mail  Unfortunately, no existing public key-based message signing effort has widespread support… yet

9 D. CrockerIntroduction to BATV 9 MIPA StatusStatus  Several rounds of specification and open comment  Now recruiting field experience  Plan to pursue IETF standardization  Several rounds of specification and open comment  Now recruiting field experience  Plan to pursue IETF standardization

10 D. CrockerIntroduction to BATV 10 MIPA To follow-up…  Mailing listhttp://mipassoc.org/mailman/listinfo/ietf-clear  BATV specificationhttp://ietf.org/internet-drafts/…  Bounce Address Tag Validation (BATV) draft-levine-mass-batv-00.txt  Internet mail architecturehttp://bbiw.net/current.html#email  draft-crocker-email-arch-03.txt  Mailing listhttp://mipassoc.org/mailman/listinfo/ietf-clear  BATV specificationhttp://ietf.org/internet-drafts/…  Bounce Address Tag Validation (BATV) draft-levine-mass-batv-00.txt  Internet mail architecturehttp://bbiw.net/current.html#email  draft-crocker-email-arch-03.txt

Download ppt "D. CrockerIntroduction to BATV 1 MIPA Bounce Address Tag Validation (BATV) “Was use of the bounce address authorized?” D. Crocker Brandenburg InternetWorking."

Similar presentations

1 Mailing list software in the war against spam May 2005 Serge Aumont serge.aumont cru.fr.

1 Mailing list software in the war against spam May 2005 Serge Aumont serge.aumont cru.fr.
Reputation Discussion Panels: Seeking a Common Understanding Dave Crocker Brandenburg Internet Working bbiw.net MAAWG / S.F. 2006 Dave Crocker Brandenburg.

Reputation Discussion Panels: Seeking a Common Understanding Dave Crocker Brandenburg Internet Working bbiw.net MAAWG / S.F Dave Crocker Brandenburg.
Draft-lemonade-imap-submit-01.txt “Forward without Download” Allow IMAP client to include previously- received message (or parts) in or as new message.

Draft-lemonade-imap-submit-01.txt “Forward without Download” Allow IMAP client to include previously- received message (or parts) in or as new message.
How Will Authentication Reduce Global Spam? OECD Anti-Spam Task Force Pusan – September, 2004 Dave Crocker Brandenburg InternetWorking OECD Anti-Spam Task.

How Will Authentication Reduce Global Spam? OECD Anti-Spam Task Force Pusan – September, 2004 Dave Crocker Brandenburg InternetWorking OECD Anti-Spam Task.
© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.

© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.
DNSOP WG IETF-67 SPF/Sender-ID DNS & Internet Threat Douglas Otis

DNSOP WG IETF-67 SPF/Sender-ID DNS & Internet Threat Douglas Otis
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden
Email Security Jonathan Calazan December 12, 2005.

Security Jonathan Calazan December 12, 2005.
Sender policy framework. Note: is a good reference source for SPFhttp://www.openspf.org/

Sender policy framework. Note: is a good reference source for SPFhttp://
Architecture of Email SMTP, POP, IMAP, MIME.

Architecture of SMTP, POP, IMAP, MIME.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 15 How Email Spam Works.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 15 How Spam Works.
23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.

23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.
SIMPLE MAIL TRANSFER PROTOCOL SECURITY Guided By Prof : Richard Sinn Bhavesh Jadav Mayur Mulani.

SIMPLE MAIL TRANSFER PROTOCOL SECURITY Guided By Prof : Richard Sinn Bhavesh Jadav Mayur Mulani.
COEN 351 Non-Repudiation. A non-repudiation service provides assurance of the origin or delivery of data in order to protect the sender against false.

COEN 351 Non-Repudiation. A non-repudiation service provides assurance of the origin or delivery of data in order to protect the sender against false.
Understanding Forgery Properties of Spam Delivery Paths Fernando Sanchez, Zhenhai Duan Florida State University Yingfei Dong University of Hawaii.

Understanding Forgery Properties of Spam Delivery Paths Fernando Sanchez, Zhenhai Duan Florida State University Yingfei Dong University of Hawaii.
DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF.

DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF.
DomainKeys Identified Mail (DKIM) D. Crocker Brandenburg InternetWorking mipassoc.org/mass  Derived from Yahoo DomainKeys and Cisco.

DomainKeys Identified Mail (DKIM) D. Crocker Brandenburg InternetWorking mipassoc.org/mass  Derived from Yahoo DomainKeys and Cisco.
Identity Based Email Sender Authentication for Spam Mitigation Sufian Hameed (FAST-NUCES) Tobias Kloht (University of Goetingen) Xiaoming Fu (University.

Identity Based Sender Authentication for Spam Mitigation Sufian Hameed (FAST-NUCES) Tobias Kloht (University of Goetingen) Xiaoming Fu (University.
© 2007 Convio, Inc. Implementation of Yahoo DomainKeys Bill Pease, Chief Scientist Convio.

© 2007 Convio, Inc. Implementation of Yahoo DomainKeys Bill Pease, Chief Scientist Convio.

Similar presentations

Ads by Google