Complaint of the week: Ebay abuse mail (slightly OT)

The web of trusted email servers would use a new and improved mail
transfer protocol (NIMTP) that would only be used to exchange email
between trusted servers. Users could continue to use authenticated SMTP
to initiate the sending of email, but nobody would accept any
unauthenticated SMTP servers any more.

And this would deploy how? In particular, consider the following
questions:

A few of the larger user sites such as AOL and MSN would deploy it between
themselves. Once it is proven, they would analyse their logs and invite
the large email sender sites to begin using the protocol. Once it is clear
that NIMTP can be deployed easily and cheaply, they begin to impose rate
limiting on email senders using SMTP which will cause queues to build at
the email sender sites. Eventually running NIMTP will be recognized as the
right thing to do and everyone will use it.

1) What *immediate* benefits do you get if you are among the first to
deploy? (For instance, note that you can't stop accepting "plain old
SMTP" till everybody else deploys).

You can replace complex and buggy spam filtering software with simple
rules on your NIMTP servers. Since the spammer cannot spoof their
identity, you simply rate limit them based on the volume of attempts. I.e.
if a sender attempted to send 10 messages in one hour, you might limit him
to 2 per hour but if he attempted to send 100 per hour you would limit him
to 1 per hour. And if he attempted to send 1000 per hour you would limit
him to 1 every 4 hours.

2) Who bears the implementation cost when a site deploys, and who gets
the benefit? (If it costs *me* to deploy, but *you* get the benefit, why
do I want to do this?)

The site owners pay all the costs and reap all the benefits. Just like
today with spam filtering.

3) What percentage of sites have to deploy before it makes a real
difference, and what incremental benefit is there to deploying before
that? (For any given scheme that doesn't fly unless 90% or more of sites
do it, explain how you bootstrap it).

The incremental benefit is there if NIMTP deployment starts with large
email sites.

4) Does the protocol still keep providing benefit if everybody deploys
it? (This is a common problem with SpamAssassin-like content filters - if
most sites filter phrase "xyz", spammers will learn to not use that
phrase).

Of course it keeps providing benefits. The two key elements of NIMTP (New
Improved Mail Transfer Protocol) are that the receiver will only receive
email messages from a known sender site and the sender site will certify
the identity of the message sender. In order to know the sender site,
there needs to be an authentication handshake for a session and it needs
to be based on some kind of prearranged agreement and key exchange. In
order to certify the message sender, all messages will need to be relayed
through an NIMTP relay site and the message sender will need to
authenticate themself, i.e. using something like AuthSMTP. But AuthSMTP
will only be used between mail clients and their email service provider.
NIMTP is intended to be used between email service providers. Some of
these NIMTP sites will be relaying email for smaller NIMTP sites that
cannot afford the complexity of prearranging keys with all other NIMTP
sites.

To summarize, the NIMTP core will have NIMTP peering arrangements with
every other member of the NIMTP core, but many NIMTP sites will only have
NIMTP peering with one or two other sites. In order for anyone to send
email within the NIMTP world they will need to hand the email to any NIMTP
site who will relay it to its destination. But the NIMTP site will only
accept email if it can certify the sender's identity.

If you have a *serious* proposal that actually passes all 4 questions (in
other words, it provides immediate benefit to early adopters, and still
works when everybody does it), bring it on over to 'asrg@ietf.org'.

I've just joined the ASRG list and if I can find the time I will try to
write this up as a draft architecture and post it. But feel free to copy
these emails to ASRG if you feel it would be worth discussing there.

--Michael Dillon
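
The volume-based limits from the answer to question 1 above, sketched as an added example that is not part of the original messages or of any NIMTP implementation. Assumptions: the class and function names are hypothetical, attempts are counted over a sliding one-hour window per certified sender identity, and senders under 10 attempts per hour are not limited (the post gives no figure for that case).

```python
from collections import defaultdict, deque

HOUR = 3600  # seconds

# (attempts seen in the last hour, minimum seconds between accepted messages).
# Figures from the post: 10/h -> 2 per hour, 100/h -> 1 per hour,
# 1000/h -> 1 every 4 hours. The highest tier is checked first.
TIERS = [(1000, 4 * HOUR), (100, HOUR), (10, HOUR // 2)]


class InverseRateLimiter:
    """The more a certified sender attempts, the less gets accepted."""

    def __init__(self):
        self.attempts = defaultdict(deque)  # sender -> attempt times, last hour
        self.last_accept = {}               # sender -> time of last accept

    def min_interval(self, sender, now):
        window = self.attempts[sender]
        while window and window[0] <= now - HOUR:  # drop attempts older than 1h
            window.popleft()
        for threshold, interval in TIERS:
            if len(window) >= threshold:
                return interval
        return 0  # assumption: under 10 attempts/hour is not limited

    def offer(self, sender, now):
        """Record one delivery attempt; return True if it is accepted."""
        self.attempts[sender].append(now)  # rejected attempts still count
        last = self.last_accept.get(sender)
        if last is not None and now - last < self.min_interval(sender, now):
            return False
        self.last_accept[sender] = now
        return True


def accepts_after_warmup(step, hours, sender="user@site.example"):
    """Constructed traffic: one attempt every `step` seconds for `hours` hours.
    Returns accept times after the first hour, once the window is full."""
    limiter = InverseRateLimiter()
    times = range(0, hours * HOUR, step)
    return [t for t in times if limiter.offer(sender, t) and t >= HOUR]


if __name__ == "__main__":
    for step, hours in [(720, 2), (360, 3), (36, 3), (3, 9)]:
        print(HOUR // step, "attempts/h ->", accepts_after_warmup(step, hours))
```

The scheme only works because the key is an identity the sender cannot spoof; keyed on an unauthenticated envelope address, each new forged address would start with an empty window.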

Erm. No. That's an *eventual* benefit. If you're among the first 10 sites to
deploy, you get to haul the complex and buggy spam filtering software along
until enough other sites start running the new protocol that you can get away
with saying "screw you" and dropping SMTP support entirely.

Or you can drop SMTP support immediately, or you can drop the spam filtering
immediately - I think both of those are covered by Randy Bush's "I invite my
competitors to design their networks this way" :wink: