Will changes to email improve safety and fairness?

Emerging changes to email carry the promise of abating abuse, but will these changes be effective and ensure fairness?

The changes ahead hold both promise and peril. Guided by self-interests, an email address authorization scheme is claimed to be an essential element needed to curtail abuse and thus protect recipients. Guided by similar self-interests, the US Federal government also recently codified opting-out and what constitutes spam. Regardless of the rules and mechanisms, keep in mind that most abusive email is prevented by imposing some type of reputation assessment.

The current practice for protecting email's utility as an efficient form of communication is to ostracize abusive sources when much of their email is sent to recipients that never expressed a desire for its receipt. In the email vernacular, this practice is called block-listing when the source has not adhered to an opt-in criterion for the distribution of bulk email. An opt-in criterion may seem unjust as it imposes differing sending limits. However, an opt-in criterion does provide a practical means to ascertain who is causing the greatest harm to email's utility, and a better method to assess email abuse has not been devised.

CAN-SPAM Law Demonstrates the DMA's Influence

Some marketers advocated a wholly unworkable and unsafe opt-out method that became codified in the US Federal CAN-SPAM law.
Fortunately, this law also allows for a practical opt-in criterion to be used instead. Opting-out greatly increases the recipient's burden and risk when forced to respond to undesired messages. Merely responding increases the trading value of verified email addresses, inviting an endless series of new senders. When the opt-out method is offered as a link, just a simple click may cause the recipient's system to become compromised.

Fairness Depends Upon Who Gets Assessed

For email, however, the greatest potential for injustice occurs when the source of abuse is being ascribed. There are few verifiable source identifiers within an email. The sender's IP address and the host-name provided within initial announcements are two verifiable identifiers. A new identification method based upon public-key cryptography, called DomainKeys, is being tested, along with an IETF effort called DomainKeys Identified Mail (DKIM). All of these identifiers represent sources that can be fairly held accountable.

SSP Demonstrates the Administrator's Influence

In addition, those willing to equivocate about identifiers consider that an email address domain authorization provides an indirect method to identify the message source.
Currently these proposed authorization schemes are Sender-ID and a new scheme called Sender Signer Policy (SSP) that is intended to work with DKIM. As with Sender-ID, SSP also makes the assumption of being an indirect method of source identification, and even directs complaints to the email address domain owner.

With any of these email address authorization schemes, the email address domain owner may be prone to being unfairly held accountable. This can happen when the authorization is considered a weak form of authentication and used to accrue reputations for block-listing. When the email address authorization does not actually identify the source of an abusive message, any reputation accrual would of course result in unfair treatment.

Some insist the email address domain owner should be held culpable for their authorization of email sources. However, such authorizations may be open-ended (allowing any signature or the lack of a signature) out of necessity, or poorly protected by providers within shared environments. The email address domain owner can be coerced by equivocating administrators into publishing these authorizations after finding that without this record, their emails are rejected or deleted. A fair system would ensure actual sources are ascribed for undesired email. Unfortunately, some consider authorizations derived from email addresses as a good-enough means to identify the message source, which is simply wrong and unfair.

The Expectation of Delivery

When publishing an SSP record, an email address domain owner wishing to use various providers or services would need to publish an open-ended authorization. As SSP authorizations are public, these are rather easily exploited, especially with the prevalence of compromised systems connected to most providers. The defensive posture would be to not use public servers and not permit third-party signatures as perhaps the only sure means to limit these exposures. Any exploitation of an open-ended authorization has the potential to damage reputations held by a diverse array of equivocating recipients. However, not allowing third-party signers also dramatically changes current email practices.

Who Benefits?

Placing the burden of reputation upon the email address domain owner benefits the administrator, as expensive complaints are directed elsewhere. Protections promised by these authorization schemes assume the recipient is able to clearly see the email address and that removal of unauthorized messages will be effective at thwarting phishing attempts. Unfortunately, both of these assumptions are wrong.

Most recipients are likely using an email application that displays the pretty-name rather than the actual email address. Even when the email address is visible, any indication or assumption that authorized messages are trustworthy will likely mislead the recipient, as any miscreant is able to authorize their own domain and can control what is displayed. Additionally, in some non-English speaking regions, use of Punycode domain names virtually prohibits reliance upon any visual recognition of an email address, making these authorization schemes truly English-centric. The protection promised by the authorization schemes also assumes that the recipient understands the hierarchy of assignments within a domain name. Many do not, and many institutions subjected to phishing also make similar changes to their domain name, just to differentiate their various services.

A Recognition Strategy

There is an alternative to SSP that can resolve the significant flaws of unfair accountability and over-reliance upon visual acuity. This alternative will allow the world to safely use their native language. A binding recognition strategy simply includes advice (a single letter code) within the signature that indicates which elements may be used to identify the author of the message. Once these elements are registered by the recipient with the email application, messages can be highlighted when recognized as coming from correspondents of the registered messages.

The binding-information can be retained at both the mail application and, in some cases, automatically at the email server. In cases where an institution wishes to impose a requirement of a signature with their email address, this can be signaled within the retained binding advice. This approach ensures the message source remains accountable rather than the email address domain owner, as no email address domain authorizations are used.
This also ensures current email practices do not need to change, so one may continue to use the email address given to them by their Alma Mater, for example.

Recognition Mirrors the Innate Ability of Humans

Rather than depending upon superhuman vision or the acquisition of thousands of look-alike domains by the various institutions, a cryptographic signature would allow the recipient's email application to uniquely recognize a prior correspondent. This source recognition models the innate ability of humans to identify a unique voice or a face. By highlighting recognized sources, attempts at pretending to be one of these correspondents would be easily noticed by the lack of highlighting.

Initial message source identifiers would be registered with the email application when a relationship is first established. This added information provides an out-of-band means to confirm the source of the message. Once the message source is registered by the recipient, all subsequent messages should be identifiable by the email application and thus highlighted.

The value of DKIM will be fully realized when mail applications utilize the signature to recognize prior correspondents. With DKIM and recognition built into email applications, look-alike domain exploits and other spoofing attempts could become a problem of the past.

Cryptography Requires Auxiliary Defenses

The effort does not end with just the DKIM signature. Cryptographic techniques represent a moderate overhead where messages must be fully received before the validity of a signature can be verified.
This means the cryptographic process is somewhat more vulnerable to Denial of Service attacks than schemes that identify sources based upon the readily available IP address or host-name. However, depending upon the IP address may cause collateral blocking when servers are being shared, as they often are.

Fortunately, email already offers a solution for both the Denial of Service attack and collateral blocking. At the beginning of an email exchange session, the host-name of the sending system is provided and can be verified. Establishing a new paradigm that ensures the host-name can be verified will also permit the same name-based reputations used to vet the sources to defend the cryptographic process.

What to Expect

It should come as a surprise that a consumer-friendly and safe method for using DKIM has been initially supplanted by the SSP authorization scheme. Within the IETF, consensus among current participants is heavily dominated by those that attempted to bring forward the previous IP address authorization schemes. SSP will be their second attempt at the RFC brass ring, and this group is not likely to be dissuaded from their goal of holding the hapless email address domain owner accountable.

Douglas Otis is senior engineer at Network Security Services Group, Trend Micro, Inc. (Cupertino, CA). www.trendmicro.com
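
The recognition strategy described under "A Recognition Strategy" and "Recognition Mirrors the Innate Ability of Humans" can be sketched as follows; this is an added example, not code from the author or from any mail client. It assumes the recipient's own server has already verified DKIM and recorded the result in an Authentication-Results header, and it replaces the article's single-letter binding advice with a fixed binding of author address to signing domain; the server name, the Recognizer class and all sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

AUTHSERV = "mx.recipient.example"  # assumed name of the recipient's own verifying server

def passed_signers(msg):
    """Signing domains (d=) that the recipient's own server reported as dkim=pass."""
    signers = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != AUTHSERV:
            continue  # not written by our server, so a sender could have supplied it
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results, re.I):
            signers.add(m.group(1).lower())
    return signers

class Recognizer:
    """Per-recipient store binding an author address to the domain that signed for it."""
    def __init__(self):
        self.bindings = set()  # {(author address, signing domain)}

    def author(self, msg):
        # Use the address itself; the display ("pretty") name is sender-controlled.
        return parseaddr(msg.get("From", ""))[1].lower()

    def register(self, msg):
        """Called once, after the recipient has confirmed the correspondent out of band."""
        for domain in passed_signers(msg):
            self.bindings.add((self.author(msg), domain))

    def recognized(self, msg):
        """True (highlight) only if author and a passing signer match a stored binding."""
        return any((self.author(msg), d) in self.bindings for d in passed_signers(msg))

def sample(from_hdr, auth_results):
    """Build a constructed test message; nothing here comes from real mail."""
    return message_from_string(
        f"Authentication-Results: {auth_results}\nFrom: {from_hdr}\nSubject: statement\n\nbody\n")

BANK = sample('"Example Bank" <alerts@bank.example>',
              "mx.recipient.example; dkim=pass header.d=bank.example")
LOOKALIKE = sample('"Example Bank" <alerts@bank-example.test>',
                   "mx.recipient.example; dkim=pass header.d=bank-example.test")
OTHER_SIGNER = sample('"Example Bank" <alerts@bank.example>',
                      "mx.recipient.example; dkim=pass header.d=bulk-sender.test")
FORGED_RESULT = sample('"Example Bank" <alerts@bank.example>',
                       "mx.attacker.test; dkim=pass header.d=bank.example")
```

Only BANK is highlighted after registration: the look-alike carries a valid signature from its own domain and the same display name, yet matches no stored binding, so the missing highlight is the signal the recipient sees.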