Email Submission Operations: Access and Accountability Requirements

Finch, Tony; Crocker, D.; Resnick, P.; Hutzler, C.; Allman, Eric

doi:10.17487/rfc5068

Cited by 8 publications

(8 citation statements)

References 6 publications

(2 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Other standards like SMTP Extension for Authentication [29] lets SMTP clients to indicate an authentication mechanism, but it does not let servers to require clients to do so. Using port 587 for email submission separated from transmission [14], too, is helpful but limited, its mandate of authenticating outgoing senders only partially improves traceability within senders' local domains [17]. Without comprehensive mandate, none of these (altruistic) standards really helps.…”

Section: A Security Solutionsmentioning

confidence: 99%

Identifying and Addressing Rogue Servers in Countering Internet Email Misuse

Liu

2010

2010 Fifth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering

View full text Add to dashboard Cite

Digital forensics is important in solving Internet security problems. However, in terms of improving security, its usefulness may have been hampered by the limitation of law enforcement and by a distrust, antiestablishment sentiment in the Internet. For digital forensics to work with (not against) security measures, a check and balance mechanism is needed. We have proposed a trust management framework that incorporates accountability to be such a mechanism. It is for servers in the Internet to set their security goals beyond protecting themselves, and to augment their services with accountability. Users or peer servers who trust and use a service shall be protected, and governed, not by their or even the server's own security measures, but by the collectively established accountability. To address email misuse this way, we have considered facilitating digital forensics in two requirements of accountability, namely, identification and attestation. We also considered how the authorization and retribution requirements of accountability can work with digital forensics to deter and provide a recourse to fix wrongdoing, to achieve the goal of accountability, hence security. In this paper, we analyze an email trace to show that unilateral identifying and addressing in countering email misuse such as spam are coarse and the effectiveness is greatly limited by the human-shield effects, i.e., we have to accept more spam in order to avoid collateral damages. However, by making trust and accountability explicit, some of those mixed senders (servers sent both ham and spam) can be rehabilitated to change behavior. With a proper trust and interaction mechanism aiming to achieve the readiness for e-discovery, we believe legitimate mail servers will distinguish themselves in upholding accountability. We can then bilaterally and multilaterally further identify and address those rogue servers.

show abstract

Section: A Security Solutionsmentioning

confidence: 99%

Identifying and Addressing Rogue Servers in Countering Internet Email Misuse

Liu

2010

2010 Fifth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering

View full text Add to dashboard Cite

show abstract

“…For example, spam, as defined in [RFC2505], is a by-product of this architecture. A number of Standards Track or BCP documents on the subject have been issued (see [RFC2505], [RFC5068], and [RFC5235]).…”

Section: Gatewaysmentioning

confidence: 99%

“…This work began in 2004 and has evolved through numerous rounds of community review; it derives from a section in an early version of [RFC5068]. Over its 5 years of development, the document has gone through 14 incremental versions, with vigorous community review that produced many substantive changes.…”

Section: Appendix a Acknowledgmentsmentioning

confidence: 99%

Internet Mail Architecture

Crocker¹

2009

Self Cite

View full text Add to dashboard Cite

Over its thirty-five-year history, Internet Mail has changed significantly in scale and complexity, as it has become a global infrastructure service. These changes have been evolutionary, rather than revolutionary, reflecting a strong desire to preserve both its installed base and its usefulness. To collaborate productively on this large and complex system, all participants need to work from a common view of it and use a common language to describe its components and the interactions among them.

show abstract

“…When opening a connection to the Submission Server, clients MUST do so using port 587 unless explicitly configured to use an alternate port [RFC5068]. (Note that this requirement is somewhat stronger than the one specified in [SUBMIT], as [SUBMIT] didn't prescribe the exact procedure to be used by submission clients.)…”

Section: Lemonade Message User Agentsmentioning

confidence: 99%

The Internet Email to Support Diverse Service Environments (Lemonade) Profile

Maes¹,

Melnikov²

2009

View full text Add to dashboard Cite

Email Submission Operations: Access and Accountability Requirements

Cited by 8 publications

References 6 publications

Identifying and Addressing Rogue Servers in Countering Internet Email Misuse

Identifying and Addressing Rogue Servers in Countering Internet Email Misuse

Internet Mail Architecture

The Internet Email to Support Diverse Service Environments (Lemonade) Profile

Contact Info

Product

Resources

About