Re: IETF SMTP Working Group Proposal at smtpng.org

[<william () elan net>]

Your quite wrong. With email we do in fact know "phone" for the calling 
party - its their FROM address and for callback we can specify if we trust 
or do not trust the other party to provide some different domain, so they 
may not be given a change to specify where to callback to. As example If 
they are trying to send email from <me () somedomain com> the callback would
have to go to somedomain.com mail server and the callback must use the 
authorization code given during initial mail call. The callback can also be
authenticated with TLS giving even more security that somedomain.com is a 
real operation. This will prevent 99% of spammers just there.

And as pointed an NANOG and other places other ways to verify that server 
is ok can also be used such as having whitelist for mailservers, using 
AUTH, etc. What is missing is glue in the protocol to allow servers to 
decide on level of trust as well as actual definitions for all these 
verification mechanisms.

> On Wed, 21 Aug 2002 15:55:41 EDT, Jared Mauch said:
>
> >         There is an important need to perform callback but allow for
> > the ability to protect information from possible spammers for
> > harvesting/verificiation.
> >
> >         eg:
> >
> >         220 welcome, but no spam
> >         ehlo spammer
> >         250-callback-secure
> >         250 help
> >         mail from:<spammer () hotmail com> callback=spammer.example.com
> >         250 ok
> >         rcpt to:<jared () nether net>
> >         451 try again, pending callback
>
> OK.. So now *you* have to callback and pick up the spammer's mail.
>
> What did that gain you?
>
> >         there's also the need to do some sort of pki to allow
> > callback to be secure.  eg: the dns record for nether.net should have
> > some public-key in it and then some other stuff like possibly
>
> Much easier would be to use the existing STARTLS stuff and use the cert
> presented to decide if you want to accept the mail.  
>
> > mail from:<realuser () hotmail com> callback=validate.hotmail.com;key=<alkjsdfj>   
> > then pass the 'key' through the public-key availble via dns to
> > provide back an authentication system to allow for more secure
> > callback.
>
> Note that the concept of a "callback" doesn't mean the same things on an
> IP network as it did on a POTS network.  Not that callback on the POTS
> network was ever as secure as people thought, anyhow...
>
> >         but this can still be abused depending...



 
> The only callback systems that ever came anywhere near working on the POTS
> network were ones that you told the callback "this is Fred. Call me back at
> the home number you've been configured with", and it called you at Fred's
> previously-configured phone number.  Having it say 'This is Fred, call me
> back at 127.0.4.5' doesnt do anything for security if you're just going to
> call 127.0.4.5.