Server Index Query Protocolfor Email Reputation & Identity

Presented by April Lorenzen of Server Authority Inc

Purpose: Provide inbound email servers with identity/reputationdata from a remote third party or LAN source

Method: Domain+IP query using UDP. Reputation serverresponds with scoring.

Experience: Effective in production use including Europe toUSA. SIQ MTA clients available now.

Next Steps: Forwarding is an issue for reputation services andhas a potential workable solution, VARA. List of companiesdeveloping SIQ server-based services.

SIQuery & ResponseUDP Packets

● UDP w/HTTP fallback● Exponential backoff

retries● Handles IPv6 & IPv4

addresses● Query ID, version,

and query type housekeeping bits

● Flexible for wide variety of reputation data transmission

QUERY PACKET: 1 1 1 1 1 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +0 | VERSION | RESERVED |QT| +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +2 | ID | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +4 | | / IPv6 / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--| +20 | QD-LENGTH | RD-LENGTH | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--| +22 | | / QD / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | | / RD / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +512 max.

RESPONSE PACKET: 1 1 1 1 1 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +0 | VERSION | SCORE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +2 | ID | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +4 | IP-SCORE | DOMAIN-SCORE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +6 | REL-SCORE | TEXT LENGTH | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +8 | | / TEXT / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

SIQueries in Production Use

SIQ clients & servers have exchanged approx. 9 million queries and responses in production use since July 2003

Multiple SIQ clients in France have successfully

received responses from SIQ server in USA (approx. 2

million queries thus far)

Sendmail milters for the SIQ protocol include a

GPL'd Python version and a non-GPL C version

SIQ plug-in for Microsoft Exchange is in active

development

Fowarding is an Issue in Reputation Systems

A reputation system that scores an IP address and a domain together should be skipped if the message is coming from a forwarding service or forwarded account

Simple public domain mechanisms such as VARA (Verified and Recipient Authorized) are needed to determine when the reputation server query should be skipped

VARA - Simple Public Domain Solution to the Forwarding Problem

Recipient creates an alias to her real ISP mailbox, used only for mail forwarded from herPOBox.com address to her ISP.com mailbox. The alias looks like this:

april_pobox.com_@ISP.com (a VARA compliant address)

Joe@AOL.com sends an email to april@pobox.com

POBox.com does inbound anti-spam processing, then forwards the email toapril_pobox.com_@ISP.com

ISP.com inbound server detects the RCPT as a VARA address, verifies that the sendingserver ends in .pobox.com, and accepts the message, skipping any Domain+IP reputationtests, and delivering to her april@ISP.com mailbox.

For more details, visit http://wiki.OutboundIndex.net/VarA

Who is developing SIQ protocol reputation services

OutboundIndex.org – service available now

Return Path – evaluating SIQ for a new reputation

service

David Hohn of Uptime.at and Philipp Baer of

Npw.net announced the intention to write an open

source SIQ server and operate a free reputation

service.

Petru Paler has expressed interest in creating an

SIQ protocol interface for GOSSiP

FOR MORE INFORMATION

wiki.OutboundIndex.net/ProtocolDiscussion

or typeSIQ protocol

into most any search engine

Internet-Draft

http://www.ietf.org/internet-drafts/draft-irtf-asrg-iar-howe-siq-00.txt