Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


SMTP Authentication Hits Standards Track



 By: Larry Seltzer
2004-05-03
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. SMTP Authentication Hits Standards Track
  2. ' Supporting RFC2822 '

Rate This Article:
Poor Best
SMTP Authentication Hits Standards Track
( Page 1 of 2 )

An IETF working group has taken up SPF advocates' challenge to define a formal standard, and it's moving at the standards-equivalent speed of greased lightning. I've always said we should hurry up and do this, but who knows what we'll end up with.

SMTP authentication is coming. But in what form?

There is a broad consensus among experts that SMTP authentication, by which Internet mail servers will be able to confirm that messages sent to them come from the domains from which they purport to come, will help to fight spam.

Nobody thinks its the cure for spam, although many (myself included) think its a substantial and necessary ingredient in drastically setting back the infection of spam on the e-mail system.

Several major initiatives have been announced over the past year or so, the big three being the Sender Policy Framework (SPF, formerly "Sender Permitted From:"), Yahoo Inc.s Domain Keys and Microsoft Corp.s Caller ID for E-mail.

At a regular IETF meeting in Seoul, South Korea, in February, a formal IETF working group was created at the urging of SPF advocates. The group, called MTA Authorization Records in DNS (MARID), has a charter that is interesting and, for the most part, admirable.

The group will focus (as the group name might imply) only on MTA authorization, and only on DNS-based mechanisms. It maintains a fairly rigid and aggressive schedule for making certain key decisions.

Resource Library:

The group is an outgrowth of the Anti-Spam Research Group (ASRG), a part of the Internet Research Task Force (IRTF). The ASRG has produced a digital mountain of discussion but not a whole lot of consensus on actual solutions, and theres way too much topical variety and digression on the groups mailing list. All of this is perhaps why some folks went to the IETF asking to be saved from themselves and to have a standard put on the "railroad" track.

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

The group really began talking about things just about a month ago. According to the charter, there are major decision-making milestones in May and June and a working-group document submission in August. If the process only amounted to rubber-stamping the SPF specification, the schedule would be a breeze to meet, but as I have said, there are three major proposals with big differences among them. Theres no question that someones interests arent going to be met.

A bit of technical background is necessary here: RFC2821 is the specification of the SMTP protocol, including some addresses used in what is called the "envelope" of a message for saying where the message is going.

RFC2822 is the standard for the format of the message transmitted by SMTP; this includes all of the message headers and defines what the user sees as the "From:" and other key addresses. SMTP authentication proposals generally focus on one or the other of these.

The chairmen of the working group, Andrew Newton and Marshall T. Rose, announced April 29 that the group would focus on RFC2821 identities, meaning envelope identities—basically meaning SPF.

As they say, there is a strong consensus that further checking based on RFC2822 (message header) identities should be done, but basically this will be put off so the group can meet its aggressive deadlines, unusual deadlines for the IETF.

Next Page: Chairmen say framework must support RFC2822 mechanisms.





  Reader Comments: SMTP Authentication Hits Standards Track
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Larry Seltzer
 


x}r۸j9km]mGJɖkŶ,%^I*%BER5s'ˮO7t%_2TlFwh4~ 'I"gn;̢dw}=zk;HR}gL#r-GgPSrdH-w!@au۵ܐruz>;|9|@vD%j'AM3c{ڮlN1ecs[gp,FmgM5d{9B ~5[sr!%֥qϊͽ'c! [tV9v oT| pTƦ;=az5EhDԸ#|x\{໇d3#L=xa/ w-}~@3ZUX'[vB䅠1FE8 u#7J3v'u٪b'ӤbfHÑcPwXS.HVfFԴ;gu[gb]ױ}ǣ# 3Cv?ĭ?Q If% aWK k0~b>4I܅N؎MEnڏU[۾tÛl<$.j.9ac& } txz`:vxtTa_dY73mhÛMyhjjUP)^rww3mù-Ӟݛ89n~L k_gJY4E?^O/s$(` mKIu]+h0Ns#ϭw~@ΰ{Ad}#5UJ`Z. $_'6tt<_Bn ,>:GFI/j;n/4E; Kpf1SdXI#/YTUGf9jzMҺ赮.鵎Oڭd̲1<JEӀ Zvb!?ޚCV'kEs%'+l}n _Gt@  Wh: Noz 6O{:$O-rK=jZ-Kj=2OqeLxY$Y.r$:흟Czn&j ݒEB_;X]KŗG)H7#ǚ Mmdʩ$|ǺzNRl>o43@_x0Nu{fr@kFPYD`6R\ 9lbsv!fByM)oz@@ZR~nV(US%EI7#DD vxr!DKI88c^IR]E1\}૆Ź!jYY6'*taeIUiS[ӢKsq}j5IsVЂ)WC EhYf7-vIQM}sQc1x+%YEe_U _1p-~~b0B m] :gV},}0;}J_{ϧ0g@P?: M/6C˥~jpb>#äpp|g͇v13 a {>0sJ}D5h-DCw 0Ieg&S yK ΝdrkoM~(wE@>X^0 vjq.HpyY?d| wA,߽9#z[MKx GِzRP|'sZ( w^`y""D% T h4AGEENAww$]I+TbD8JnOu$9cJ"ڹLX*QY,p[/ ͙JRdy8ZLboD6], S m-Muc{XT5m\O4MhFЄ%1@.ϼG32H`0HCb;NM: x9wo@Cyu[J`p=Ͱ"̴b֜u4dufB7 Ɖ9 R g?fx0-qڛ8wuVw]ˤF|a* ,q7& 3Ͱ&q_;+owzbré&9|YrY2훿i /&](LuΩJJ&k*HX3j-yrp V֌Or1r@yOS*rH1g0dz׍[Oq=џ8S7RtZC+>q^i.;[@Lg˺z+fYT]۽/ 7RiO4 m {24@0ٖk_Xt jQWt(:АT um:bXGJG!1~h/a2(&nw߱}|sö V/U Wß@-jISJ < đMTBYaT;(l]x|굍VV0\ ?@R)Ö1Sg`i'[T'ł\PZr>r+b"8:T:$ݦ݀ä:,Cd.w'^~:FaY857^_>m^8R39X>: ;012& z@jAbv6yn)crdl-qVYw7䪢-}K3^W< OQ# A\=< &`QtEa:NiI PsAMzO1"ڟskh豸4] QB|ڵ`LaMS؇b_@T_-5k7k"X쵿KCbQD h^;p ZN:ӁZFB-š8k*rWo鸙 gy@<sUJ [ b&T~\zy خiϼV:9e6e'}uTc7o2\$t#>r_&ȫ"mS5ѻMclޥ0͜)6@y`kea bȈCrfzB$>3/-Zif?yTJJ\ӳ $J+@:erЗSv8^gUU;MyRf̚,*Cjm>a,0r]C)&!jخOl$o,y U8e3 -S`e3˕2~^`. JU-~ |{AcEi\ixmb=ǪBTuAR5TbPQKJB'Q!fA#G"ZAY_MkOkhs!p B0_\PF.^2I$̸yF0ŗ%K'G@lXC=B.ܒ(tם5.f1secfaI3N)`{IO$#3=#nYժsVB 'I#cg?fmy:J"q2NP9ɷwnh‰mCXx|{ `?K{e, ,"zдR=.=2fV(Yŵ?hhqL _~ۅ^kUeabE1 wcyJV~ZgZqRYtW%pnNHAc't8o}93>L{̾~xfmڝ {HN[(@?^-;,5._ER:$j)Zlb8 } L@IP 4p=$iO"l/>HWmu #8-dD4|uՇqsŏEKJ:\9$!5.XF^9>k5M1k0fhR`QfF<>72l&zA5q\5[WY0pz!vBZMUc z Ay8<\F`v~Y_aݪ,d"0.&Wtzȃ}E9ǀzB*lw/_#i%LB( `E/Щ c~HFrI'zRG>egqπ/PAS):(9Q0[LӷoHWY;GD_q-5sz4~& \1Z9nl&=B2^'68]h)9IBEa]Zinuz}@&aP;DZ3pu*h hw-SsS)dAGJ脊fye5))eH5NRMLC]OC/%$;kB:zs gaM6mn3gj?l6D20&@v\f0Ӑ`qk7‰@P V- QגZ4ҫoeW!9 lj9l01ta^rWSu"6GHD91uv;2x;zZ1 ?ݮpne9jo;t~zv`蚳)o. L[ıwp߆؉ ?O.yrorW8{JM<:Uj3d]yE<.ďg%㇆3MQLf\tzqk]ŗ)arԂ.cAI#Q 6j 2'|?Gdc: M"I^U֩UdU)I]YDG㳑)G8bZ`@L6COځ{-3(!GoC]j~l]s!TxBo~=ˤa2]a{*{w}wo]VZtC.q@1&d/.)%E 5 OKt1ڬ/ۥ{H?vV5BĬhgdO#@/,vh6tY ~AXy Vorl8Grs&8<O$Feuw#S''Sc3HF#%k&yS˱mF @|Րg;ar*|b \<e/&qFL>>b,0eRKͰbN/^nqIL2m*b.\s}wUa!Ǝʰd9bvYr4\/B8rYp>yQʺ8nbMU;xPC!0G:XE_Gs;YZdwQ71#Į}vuww; #[c2ٖb;;3 )R1<= Io5 G&Ջ[,:,ɠ#:wRYn!hs2Pq <9ц) +M]1(\zoGaN{2L~nN+H2 W!EjbX7%3(Yz%./xqY{?Ar :(qSmZPKqٳ?Z!) wHu@2$#'%DI{LI}^fF׎2[ &0q޵qBieL"ZQJՊ}?(N>n˚7-^RkSg@ >A_~tV-jBrS$SF- ~<2롢bZuz@ 9gh/m@@/2(8zx7 bH ;0>Zxr:e!b4Vc7@ȄA#hc h a{!!JhKS2ϥR$E/.7*x()%I+MyCe-ԭONf/a|嘏F|B&0ȄA&9A<U#瑔?mp_ҴMx&c7RysL0>&H%_Z>bG חm5 Y+l:gXy;3Y!OƨǚA!`.`+CԷBM-GU%)󔞝y)uӒ4&#- _$E1_|] !zT.jVt> !  t҉i1ט_{]c`[&>m[ԍ"ÍbS1eKG3eIݙwkRTVA8`{ڋkkYD@z}I5b}I!똆wyPxEt-nLLLLJI?ݙ)'V-rMb,}s_j &pf_Yqobz H]wH0pk4suwG#{N&-H bn?aB'`c}8Ӵ7dv}K[i1I? oFHΐKېk Jg|iy{E^Dc/kx=[V: ]0XYnP`Mk;Ct" $@6சk- ى[\ߪPz9KmvtSI- M~bS(k7|37bg!neQfw.DS(_c<_ñxCNDO_+> 7ĺq 9ݳ-8,v$Gzm [#Q^_zCC88888_S+WqF[UЗf} "u',)&5,`h R2 1o3rm;~C@x ݍpoR}{h; ^w~93_:`C37z7{OGbו+kh: 1MJWes\IUF֏nMP [ i=JJ^ޱ/~V.GajqM1{$|/qh$@o<Lj.d6E-yf]]|M=_:3b]~e70s_e#(  Ghok}Ӛ/Y+<ƗZ=%ݗ=Ie:>)>OU^Ż +IöYmc|gM_f\qחW9} ~te`_g;y^Rɸg븺e)W&.^%t˷+5W31l4>]tӫƠBtOk1 Z[$tym]$5v?hb+@ML6-0V'EQ2Z򝧻. [~1{tҥtPoJYn$VC|_~X*y={c ~uP2oO3@84kI/N$8&wGJpƊ8e[Ysp@7T)) ,í"%]D/.ޮcb >&:F:?_W.K{~i +5oqa0}|W{aY@{3I7mq#!Zp6P]?z Ucb`t51ǚCad=͉Û;C̏2.NdãE&UOo|֊[N&Ҫ=F(Kl 6(QiH :-Fr86_}h/rS׺a 06$o,SMhͦl1a:&MxʟG~RJ~q'dN ;M0&_監[Q@x8n {7c{[-ո$[]&!-Xvď;"`X/+ð֌rc[At^RQe~ۘGP&-%8I B(lhFX8"6l;Aˢǝ'NsnI(aZҶ%Ʈ$Jjad7$ƽ⪚tyϹcLGl F꨺X/Za0xm1V&GBA8AXJo,"xaCc8(ĒAǤ@FpxAiLʃxSZB=̀sj41!^<r>&ƘKjx VQՒ|Rӊ,w)]dDo=71ꮐ֘1h*B UٜAKu.*Z!?|Zca:Ok6j=!`58?إFn&)m'hzBRKo^3c B(ͪND\`ͪȓ'qE[TvXj 13;WlSAƻЭ%zETɕFsş(~ '}^pYXk:Rga^1TҊj9yK9i < Pm̼ϴ@GBSxdGd.$ql5`G; roEVIz# ,Ő̝?ZEDP# quj}D~hE{ZW] d!ϝk`Cߑ7ŝ>'죋B)3fAYr“9Yx#ɔ,0AuA"\2,GAn25:PL%~ 6t0VQ=1e&|Ǯ%nNK Ib$P!%h$bcx=9~adka]N̡/#}|AaPZ  +z+U'I]Ui_)9CȮ KDU8|.O\Y,f/c[iBRSx r##vFCdR̖G|LBz،\{ݾ1A 9\9jHQ}kw.Qs} \MGݪ;G嗓E}y@v>H5m+LJY22 'Sfr[sm.4 "Gd;ˀW}VX\ms5Q{gPJTٌ/!jbTũ0 ?7z Uղpڽ/Пxq3/KK#CEM/G*4]V08SDnu#Vn ,#( _3ʯj}q8QށNF9rzo}yhleCI}>@?d'(חzQkg3틌r;nF( eٮ~1>y< ><@ g9y^d?gBiF?P~Q{1 ?sw1~'? /q _fs?]fe__P埀>eg(U}3s::3/9IR< 9k\픊(eK " SV9,.N2cT7'%Y#ܻ Gz‰nQ' oLxĻOݞ܃辊r m>v=y^^t>Rqà6v {x5CZWeC=gZ}yPS4MdBgpX`$fZ gޥ8 a箨%g,BN_ MW镆.` Dǝԍ21Frl VT+[-WJr 6 #.Q5YUdJ.'jeeTL3BAzG l]{J̾ZCO3CX)ḃ}̺l5@ P1=:6aۨ*Yۼx0%aw8c+x;b(q ?,(sTY\FlOB/gVx 30lƪ1iR {{[2gډ5 fu̿O6yIp&ӄY"Døż<@c d߻E!Lcx uY;Kuo2& 6Lĭ.[W1^{ #D3dưz< RƠ)e h @<`oȲsLALH\VAxԲx*Dಁe"=` sm#اTt r!,NNL[eMc(ŬBCd=)O?7G[nI\k<>ci xzc<znG}޴]7ё*|? Oe Lwt0͡o0kn>Q$L{s>zQ[`K쒧p ?dtE#bSp!@>pE֦2QTD Q)ۉYbd휙fp"#Q*Ԯm^x9Na^|˼+AѮYm0w6L%/#Z$C`WH؂{Xi[e1RpCV)tOĕߋBVt3BW5`/=H^(|9N!hՆG0ޏq[7PRl@ xS az ˶)E=b 9QmQ-N?X70(|Ntu ۊ|Va=rks`CΜ *φŀ{Ⱦ ^f#1ͱWedg)C2^#s!? Ln3m^^kti( aavX!f07Nw6̈́ В^&Ůvbe}>U'