server index query protocol for email reputation & identity presented by april lorenzen of...
TRANSCRIPT
Server Index Query Protocol for Email Reputation & Identity
Presented by April Lorenzen of Server Authority Inc
Purpose: Provide inbound email servers with identity/reputation data from a remote third party or LAN source
Method: Domain+IP query using UDP. Reputation server responds with scoring.
Experience: Effective in production use including Europe to USA. SIQ MTA clients available now.
Next Steps: Forwarding is an issue for reputation services and has a potential workable solution, VARA. List of companies developing SIQ server-based services.
SIQuery & Response UDP Packets
● UDP w/HTTP fallback
● Exponential backoff retries
● Handles IPv6 & IPv4 addresses
● Query ID, version, and query type housekeeping bits
● Flexible for wide variety of reputation data transmission
QUERY PACKET:
                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
 +0 |        VERSION        |      RESERVED      |QT|
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
 +2 |                      ID                       |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
 +4 |                                               |
    /                     IPv6                      /
    /                                               /
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+20 |       QD-LENGTH       |       RD-LENGTH       |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+22 |                                               |
    /                      QD                       /
    /                                               /
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                                               |
    /                      RD                       /
    /                                               /
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+512 max.
RESPONSE PACKET:
                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
 +0 |        VERSION        |         SCORE         |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
 +2 |                      ID                       |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
 +4 |       IP-SCORE        |     DOMAIN-SCORE      |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
 +6 |       REL-SCORE       |      TEXT LENGTH      |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
 +8 |                                               |
    /                     TEXT                      /
    /                                               /
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
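An added example, not from the presentation or from any SIQ implementation: packing a query and validating a response according to the two packet diagrams above, including the ID match a client needs before trusting a UDP reply. The field widths (8-bit VERSION, 7 reserved bits plus a 1-bit QT, 8-bit scores and lengths), the IPv4-mapped address encoding, the version value and the function names are assumptions read off the diagrams' byte offsets.

```python
import ipaddress
import struct

MAX_PACKET = 512   # "+512 max." in the query diagram
VERSION = 1        # placeholder: the slides do not state the version number
QUERY_HEADER = struct.Struct("!BBH16sBB")    # assumed widths, 22 bytes (QD at +22)
RESPONSE_HEADER = struct.Struct("!BBHBBBB")  # assumed widths, 8 bytes (TEXT at +8)

def build_query(query_id, ip, qd, rd=b"", qt=0):
    """Pack VERSION, RESERVED|QT, ID, 16-byte address, QD-LENGTH, RD-LENGTH, QD, RD."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        # Assumption: IPv4 is carried IPv4-mapped (::ffff:a.b.c.d) in the IPv6 field.
        addr = ipaddress.IPv6Address("::ffff:" + str(addr))
    if len(qd) > 255 or len(rd) > 255:
        raise ValueError("QD and RD must each fit a one-byte length")
    packet = QUERY_HEADER.pack(VERSION, qt & 1, query_id,
                               addr.packed, len(qd), len(rd)) + qd + rd
    if len(packet) > MAX_PACKET:
        raise ValueError("query exceeds the 512-byte maximum")
    return packet

def parse_response(data, expected_id):
    """Validate a response before trusting its scores; return them as a dict."""
    if len(data) < RESPONSE_HEADER.size:
        raise ValueError("response shorter than the fixed header")
    version, score, rid, ip_s, dom_s, rel_s, text_len = RESPONSE_HEADER.unpack_from(data)
    if version != VERSION:
        raise ValueError("unexpected protocol version")
    if rid != expected_id:
        # UDP source addresses are spoofable: drop answers to queries we never sent.
        raise ValueError("response ID does not match the outstanding query")
    text = data[RESPONSE_HEADER.size:RESPONSE_HEADER.size + text_len]
    if len(text) != text_len:
        raise ValueError("TEXT LENGTH runs past the end of the packet")
    return {"score": score, "ip_score": ip_s, "domain_score": dom_s,
            "rel_score": rel_s, "text": text.decode("ascii", "replace")}

if __name__ == "__main__":
    # Constructed sample values (documentation address and domain), not real traffic.
    query = build_query(0x1234, "192.0.2.10", b"example.com")
    print(len(query), query.hex())
    reply = bytes([VERSION, 70, 0x12, 0x34, 60, 80, 50, 2]) + b"ok"
    print(parse_response(reply, 0x1234))
```

A client that retries with exponential backoff should keep the same ID across retries, or track every ID it has outstanding, so that a late reply to an earlier attempt is still matched rather than rejected.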
SIQueries in Production Use
SIQ clients & servers have exchanged approx. 9 million queries and responses in production use since July 2003
Multiple SIQ clients in France have successfully received responses from SIQ server in USA (approx. 2 million queries thus far)
Sendmail milters for the SIQ protocol include a GPL'd Python version and a non-GPL C version
SIQ plug-in for Microsoft Exchange is in active development
Forwarding is an Issue in Reputation Systems
A reputation system that scores an IP address and a domain together should be skipped if the message is coming from a forwarding service or forwarded account
Simple public domain mechanisms such as VARA (Verified and Recipient Authorized) are needed to determine when the reputation server query should be skipped
VARA - Simple Public Domain Solution to the Forwarding Problem
Recipient creates an alias to her real ISP mailbox, used only for mail forwarded from her POBox.com address to her ISP.com mailbox. The alias looks like this:
[email protected] (a VARA compliant address)
[email protected] sends an email to [email protected]
POBox.com does inbound anti-spam processing, then forwards the email to [email protected]
ISP.com inbound server detects the RCPT as a VARA address, verifies that the sending server ends in .pobox.com, and accepts the message, skipping any Domain+IP reputation tests, and delivering to her [email protected] mailbox.
For more details, visit http://wiki.OutboundIndex.net/VarA
Who is developing SIQ protocol reputation services
OutboundIndex.org – service available now
Return Path – evaluating SIQ for a new reputation service
David Hohn of Uptime.at and Philipp Baer of Npw.net announced the intention to write an open source SIQ server and operate a free reputation service.
Petru Paler has expressed interest in creating an SIQ protocol interface for GOSSiP
FOR MORE INFORMATION
wiki.OutboundIndex.net/ProtocolDiscussion
or type SIQ protocol into most any search engine
Internet-Draft
http://www.ietf.org/internet-drafts/draft-irtf-asrg-iar-howe-siq-00.txt