Bounce Address Tag Validation BATV Was use of the bounce address authorized - PowerPoint PPT Presentation

Provided by: mipa5

1
Bounce Address Tag Validation (BATV) Was use
of the bounce address authorized?
  • D. Crocker
  • Brandenburg InternetWorking
  • mipassoc.org/batv
  • 03/08/05 1313

2
Basic Email Roles

3
Bounce Addresses Abuse
  • Redirecting flood of bounces
      • Spam sends to many invalid addresses, thereby causing masses of bounces.
      • Spammers specify stray bounce addresses like yours -- just to get the traffic off the sending service
  • Backdoor trojan
      • Bounce message, itself, might contain dangerous content
  • Denial of service
      • The flood of messages can cripple the bounce receiving site

4
Evaluation Venues
SignMailFrom

5
Bounce Address Validation Goals
  • Bounce recipient delivery agent
      • Should I deliver this bounce?
  • Bounce originator
      • Should I create this bounce?
  • And by the way
      • If the bounce address is invalid, the entire message is probably invalid
      • If we can detect forged mail, we do not need to worry about its bounce address

6
BATV
  • Sign envelope Mail-From address
      • Protect against simple bounce address forgery
      • Possibly protect against unauthorized re-use of signature
  • Submission Agent adds sig to bounce address
      • MAIL FROM: mailbox@domain →
      • MAIL FROM: sig-scheme=mailbox/sig-data@domain
  • Multiple signature schemes
      • Symmetric can only be validated by signer's admin
      • Public can be validated by relays on original path

7
A Symmetric BATV Signature
  • Originating site uses any signing scheme
  • BATV spec provides a simple version
  • joe-user@example.com →
  • prvs=joe-user/tag-val@example.com
  • tag-val = Encryption of (day address will expire, original mailbox@domain)
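
The symmetric scheme on this slide, sketched as an added Python example (not code from the presentation or the BATV draft): the submission agent rewrites the bounce address into the `prvs=mailbox/tag-val@domain` layout, and the bounce recipient's delivery agent checks the tag before accepting a bounce. Assumptions: `tag-val` is built here as `expiry-day` plus a truncated HMAC-SHA256 (a keyed MAC swapped in for the "encryption" the slide mentions), and the key, function names and 7-day lifetime are hypothetical.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed sample key; a real site keeps its key private
SCHEME = "prvs"                   # scheme label shown on the slide
DAY = 86400                       # seconds per day

def _tag(mailbox, domain, expiry_day, key):
    # Assumption: MAC over "expiry day + original address", truncated to 12 hex chars.
    msg = f"{expiry_day}:{mailbox}@{domain.lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:12]

def sign_bounce_address(address, now, lifetime_days=7, key=SECRET):
    """Submission agent: rewrite mailbox@domain to prvs=mailbox/tag-val@domain."""
    mailbox, domain = address.rsplit("@", 1)
    expiry_day = int(now // DAY) + lifetime_days
    tag_val = f"{expiry_day}-{_tag(mailbox, domain, expiry_day, key)}"
    return f"{SCHEME}={mailbox}/{tag_val}@{domain}"

def validate_bounce_recipient(rcpt, now, key=SECRET):
    """Delivery agent: return (ok, reason, original_address) for a bounce recipient."""
    local, _, domain = rcpt.rpartition("@")
    scheme, eq, rest = local.partition("=")
    mailbox, slash, tag_val = rest.rpartition("/")
    if not (domain and eq and slash and mailbox and scheme == SCHEME):
        return False, "untagged", None          # bounce sent to a plain address
    day_text, dash, mac = tag_val.partition("-")
    if not (dash and day_text.isascii() and day_text.isdigit()):
        return False, "malformed tag", None
    expiry_day = int(day_text)
    expected = _tag(mailbox, domain, expiry_day, key)
    # Constant-time comparison; the MAC covers the expiry day, so it cannot be extended.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad signature", None
    if int(now // DAY) > expiry_day:
        return False, "expired", None           # limits re-use of a harvested tag
    return True, "ok", f"{mailbox}@{domain}"
```

Only a holder of the key can run the check, which is the slide's point that a symmetric signature can be validated only by the signer's own administration.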

8
Public BATV Signature
  • Same style as for symmetric key approach
  • Except that originating site uses symmetric key
    and the evaluating site must obtain the public
    key
  • Public key distribution is the core difficulty
  • Therefore, piggyback the effort on an existing
    message encryption effort, like DomainKeys and
    Identified Internet Mail
  • Unfortunately, no existing public key-based
    message signing effort has widespread support
    yet

9
Status
  • Several rounds of specification and open comment
  • Now recruiting field experience
  • Plan to pursue IETF standardization

10
To follow-up
  • Mailing list
      • http://mipassoc.org/mailman/listinfo/ietf-clear
  • BATV specification
      • http://ietf.org/internet-drafts/
      • Bounce Address Tag Validation (BATV) draft-levine-mass-batv-00.txt
  • Internet mail architecture
      • http://bbiw.net/current.html#email
      • draft-crocker-email-arch-03.txt