Purdue CS 59000 - Recipient Empowered Email

This preview shows page 1-2-3-24-25-26 out of 26 pages.


Recipient Empowered Email
Lucas Fisher, Thomas Heinis, Dan Noland
{ljfisher,theinis,nolandd}@purdue.edu
4/27/2004

Overview

Problem:
- The sender has most of the power.
- How can we give recipients power over the type of email they receive?
- Must be compatible with the existing mail system.

Solution:
- Require senders to state a policy their mail abides by.
- Inspired by the Tripoli concept from People For Internet Responsibility.
- Implement the solution using the Exim mail server and Chord.

Goals

- Allow recipient to identify category of email message.
- Allow recipient to create policy that defines what email should be accepted.
- Senders assert attributes about the mail they send.
- Enforce the sender asserted attributes.
- Reject messages which violate recipient's policy with minimal use of resources.

Related Work

- Statistical and heuristic filters
  - Spam Assassin, CRM114
- Anti-spoofing technologies
  - Microsoft Caller-Id, Yahoo DomainKeys, SPF
- Sender pays
  - CAMRAM, Microsoft Penny Black Project
- Legislation
  - CAN-SPAM, various state laws

Internet Mail Background

- Internet Message Format (RFC 2822)
  - ASCII
  - Header fields: subject, to, from, date, received
  - Body
- Mail User Agent (MUA)
  - mail client
  - Outlook, Pine, Webmail
- Mail Transfer Agent (MTA)
  - mail server
  - delivers email to the recipient
- Simple Mail Transfer Protocol (SMTP)
  - we will come back to this

Recipient Empowered Email

ISPs and other third-parties already have policies that describe the type of messages their customers or members can send. Take advantage of this by relating these policies to recipients.

Need to:
- Define the sender's policy.
- Strongly tie policy to a mail message.
- Define the recipient's acceptance policy.
- Extend existing protocols to support these requirements.
- Enforce sender's policies.

Sender Email Policy

- Sender email policy – set of name/value attributes embedded in an X.509 certificate.
- Policy issuer – third-party which specifies a policy and provides policy certificates.
- Policy certificate contains the policy in an X.509v3 extension: senderEmailPolicy
- Uses existing Internet PKI.

Certificate Hierarchy

- Each box is a certificate.
- Type is in bold.
- Policy issuer and policy certificates could be the same.
- Boxes in the diagram: Trusted Root; Sender; Policy Issuer; Policy (Sender policy attributes)

Payload Information Token (PIT)

- PIT is a "key" that a sender must present before an MTA will unlock a recipient's mailbox.
- Keep as small as possible.
- PIT is sent before the email message using a new SMTP extension.
- PIT must be resilient to attacks such as theft and replay.

PIT Contents

- List of email recipients
- Cryptographic hash of to, from, cc, subject, date headers, message body.
- URI of the certificate chain used to sign the PIT.
- Timestamp of signature

Example contents:

    pit-recipients: [email protected],[email protected],[email protected]: http://myisp.com/certs/8820bd0d.0
    pit-mdigest: SHA1:ScJ1OVeXbx0yIQ+05mxRR9Dtz98=

PIT Encoding and Signing

- Signed by sender.
- Need a standard way to specify signature algorithm, signer, value of signature, etc.
- PKCS#7 from RSA Security
  - Also used by the S/MIME standard.
  - But, this is binary so translate to PEM encoding.
- Encoded PIT is about 1000 bytes
- Example...

Payload Information Token

[Slide shows the example PIT as a PEM-encoded PKCS#7 block, delimited by -----BEGIN PKCS7----- and -----END PKCS7-----.]

Acceptance Policies

- Recipient defined actions on receipt of a message.
- Three possible actions:
  - Accept message
  - Reject a message – MTA drops SMTP connection with sending MTA.
  - Delay acceptance – MTA delays receipt of message until recipient approves or rejects message policy.

Exim Filters as Acceptance Policies

- Three new commands: policy_accept, policy_reject, policy_delay
- Access to policy attributes through variables: $policy_<policy attribute name>
- Access to reputation ratings: $sender_reputation, $policy_reputation

Example:

    if $policy_emailtype is "person-to-person" then policy_accept
    elsif $policy_emailtype is "commercial-advertisement" then policy_reject
    elsif $policy_emailtype is "non-profit-advertisement" then policy_accept
    else policy_delay
    endif

Sending the PIT

- But first, a little about SMTP....
- Protocol used by MUA to send messages to MTA and between MTAs.
- Request/Response pattern
- Example session....

Example SMTP Session

    220 mail.mydomain.net SMTP Server
    HELO myisp.com
    250 Hello myisp.com
    MAIL FROM: [email protected] OK
    RCPT TO: [email protected] OK
    DATA
    354 Enter message, ending with . on a line by itself
    From: [email protected]: [email protected]: what happened?
    Hey did you get my last email message?
    .
    250 OK
    QUIT
    221 mail.mydomain.net closing connection

Sending the PIT: SMTP extension

- Modified the Exim MTA.
- STOK – Send the PIT.
  - Similar to DATA command
  - Must be given after MAIL FROM and before any RCPT TO command.
- Responses:
  - recipient accepted message
  - recipient rejected message
  - recipient delayed receipt, try again later
- Example....

Sending the PIT: Example

    220 mail.mydomain.net SMTP Server
    HELO myisp.com
    250 Hello myisp.com
    MAIL FROM: [email protected] OK
    STOK
    356 Send token, ending with . on a line by itself
    -----BEGIN
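
The checks a receiving MTA could make on a PIT, following the "PIT Contents" slide (recipient list against theft, signature timestamp against replay, digest to bind the token to the message), sketched as an added example that is not code from the slides or from the authors' modified Exim. The canonical form fed to the hash, the one-hour freshness window, the function names and the example.org/example.net addresses are assumptions, and the PKCS#7 signature is assumed to have been verified already.

```python
import base64
import hashlib
from datetime import datetime, timedelta, timezone
from email import message_from_string

# Assumptions: field order, the "name:value\n" canonical form and the
# one-hour window; the slides only list which fields the hash covers.
HASHED_HEADERS = ("to", "from", "cc", "subject", "date")
MAX_AGE = timedelta(hours=1)

def parse_pit(text):
    """Parse the 'name: value' lines of a decoded PIT payload."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip().lower()] = value.strip()
    return fields

def message_digest(raw_message):
    """Hash the covered headers and the body, in pit-mdigest notation."""
    msg = message_from_string(raw_message)
    h = hashlib.sha1()  # SHA1 because the slide's example uses it
    for name in HASHED_HEADERS:
        h.update(f"{name}:{msg.get(name, '')}\n".encode())
    h.update(msg.get_payload().encode())
    return "SHA1:" + base64.b64encode(h.digest()).decode()

def check_pit(pit, raw_message, rcpt_to, signed_at, now):
    """Return (ok, reason); the PKCS#7 signature is assumed verified."""
    listed = pit.get("pit-recipients", "").split(",")
    allowed = {r.strip().lower() for r in listed} - {""}
    if not rcpt_to or any(r.lower() not in allowed for r in rcpt_to):
        return False, "recipient not covered by PIT"   # stolen token, new target
    if not timedelta(0) <= now - signed_at <= MAX_AGE:
        return False, "PIT outside freshness window"   # replayed token
    if pit.get("pit-mdigest", "") != message_digest(raw_message):
        return False, "message does not match PIT digest"
    return True, "ok"

# Constructed sample message and token (addresses are placeholders).
MESSAGE = ("From: alice@example.org\nTo: bob@example.net\n"
           "Subject: what happened?\nDate: Tue, 27 Apr 2004 10:00:00 -0500\n\n"
           "Hey did you get my last email message?\n")
PIT = parse_pit("pit-recipients: bob@example.net,charles@example.net\n"
                "pit-mdigest: " + message_digest(MESSAGE) + "\n")
SIGNED_AT = datetime(2004, 4, 27, 15, 0, tzinfo=timezone.utc)
```

Because STOK precedes RCPT TO and DATA, a real MTA would run the recipient and freshness checks as the commands arrive and the digest check only once the message body has been received.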

