By Michael Caton  |  Posted 2004-02-02

Changes to mail standards

Fighting spam at a standards level will require changes to both SMTP and DNS, as well as an added layer of authentication to the messaging infrastructure.

Extension of SMTP

  • MX protocols provide a way for MX systems to block communications from co-opted clients and servers; would require new mail systems and an authentication system for DNS
  • C/R MIME extensions enable MIME to support authentication required by C/R systems; simplify C/R systems; do not prevent mail harvesting

Changes to DNS

  • DomainKeys system authenticates outbound mail against domains to ensure mail is coming from a valid domain, reducing spam from co-opted addresses and enabling blacklisting; requires key authentication system and increases network traffic
  • Internal mail exchanger DNS record type validates mail coming from systems within the firewall; requires updating DNS systems
    In addition, DMP (Designated Mailers Protocol), a draft proposal in front of the IETF, provides a way for mail transfer agents to determine if a system sending mail is authorized to do so by storing sender permission in a form. At the core of DMP is a record of systems in the DNS that are authorized to send e-mail. Rather than performing an address look-up every time a mail transfer agent receives a message, the agent checks the DMP record to verify that the sender is an authorized system. Unauthorized traffic is blocked.
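
The check described in the DMP paragraph above, sketched as an added Python example that is not from the article or from the DMP draft: a receiving mail transfer agent compares the connecting host against the systems a sending domain has published as authorized. The in-memory table stands in for DNS, and its layout, the function names and the reply text are assumptions; all addresses are constructed.

```python
import ipaddress

# Constructed sample data standing in for DNS: sending domain -> networks
# it has published as authorized to send its mail. Hypothetical layout,
# not the record syntax of the DMP draft.
PUBLISHED_SENDERS = {
    "example.com": ["192.0.2.0/28", "198.51.100.25/32"],
    "example.org": [],  # publishes a record that authorizes no host
}

AUTHORIZED, UNAUTHORIZED, NO_RECORD = "authorized", "unauthorized", "no-record"


def sender_domain(mail_from):
    """Return the lower-cased domain of an envelope sender, or None."""
    local, sep, domain = mail_from.strip().strip("<>").rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.rstrip(".").lower()


def check_sender(client_ip, mail_from, records=PUBLISHED_SENDERS):
    """Classify a connection by the sending domain's published record."""
    domain = sender_domain(mail_from)
    if domain is None or domain not in records:
        # Nothing published: the check cannot decide, so other filters apply.
        return NO_RECORD
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return UNAUTHORIZED  # an unparseable peer address never matches
    for net in records[domain]:
        if ip in ipaddress.ip_network(net):
            return AUTHORIZED
    return UNAUTHORIZED


def smtp_reply(client_ip, mail_from):
    """Map the verdict to the reply a receiving agent gives to MAIL FROM."""
    verdict = check_sender(client_ip, mail_from)
    if verdict == UNAUTHORIZED:
        return "550 sender host not authorized for this domain"
    return "250 OK"
```

Only a domain that has published a record can have its unauthorized traffic blocked; mail claiming a domain with no record passes this check and is left to other filters.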

    An effort is also under way to make anti-spam systems handle C/R in a standard way. The IETF's Challenge/Response Interworking Framework creates a set of rules for establishing interoperability among C/R systems. The basic model is designed to simplify C/R interworking by allowing a sender running a C/R system to automatically respond to the challenge message from the recipient. If the sender does not have a C/R system, the message from the recipient's C/R system would specify actions required to respond to the challenge manually.

    A standard model would help manage C/R systems, but they would still be subject to abuses such as e-mail address harvesting.

    Another idea involves charging for e-mail sent over the Internet. One such project, Microsoft Corp.'s Penny Black, suggests that ticket costs or CPU cycle costs should be added to the process of sending e-mail. (No "charge-for-e-mail" proposals have been submitted to the Anti-Spam Research Group.)

    This would make it expensive for spammers to hawk their wares, but it would also add cost for everyone to what has been up until now an inexpensive communications medium. More information on Penny Black can be found here.

    Technical Analyst Michael Caton can be reached at

