Slashdot Mirror


AMTP as an Alternative to SMTP

SamMichaels writes "AMTP was published as an Internet Draft last week. It suggests using a 'Mail Policy Code' during the transaction to identify what kind of mail is being sent (administrative, personal, commercial, etc). Another plus is the use of TLS using x.509 certificates signed by a CA so you know exactly where the mail came from. Sounds like a solid plan...now to get a certificate signed for a decent price is the challenge."

9 of 328 comments

  1. Why should we pay CA? by oolon · · Score: 4, Interesting

    Why should everyone pay a CA for the certificates? We already pay for the domain name. If they want to require certificates, then you should get one for your domain free with the domain! Ah, I hear you say, it's so the CA can vet people. No, that's not the case: anyone can get a certificate for a domain they own. All this does is make sure you know where the mail came from (not a bad thing) and impose a CA tax on all domains.

    James

  2. What will stop the spammers by Billly+Gates · · Score: 4, Interesting
    Can these certificates be overwritten? What about a spammer putting a false "Personal" bit instead of "commercial" in the protocol to get through? If part of the CA key is in the message, can it be extracted and used again? For example, could a spammer get the key out of IBM and pretend the message came from IBM? I know the CA has the other key to verify it but it would have to do it per message. Both keys could easily be extracted or the spammer could fool the CA into thinking that its message really is from IBM and could gain a key from them. If it's a different key per message it would surely help but that seems unlikely since billions of emails are sent daily.

    Also spammers could just register themselves and keep spamming. They could just use a different ISP every 48 hours so in this way could never be stopped. A new address for every spam could be used. They could identify themselves as a home user so email filtering software will let it through. After that spammer is banned he/she will have another address and use that.

  3. Certificates by h0tblack · · Score: 4, Interesting
    Certification costs don't seem to be a problem to me. After reading the RFC it seems that self-signed certificates are fine:
    "A system operator MAY establish different criteria for use over a private network. For example, an ISP may provide self-signed certificates for use by its customers from dynamically-allocated address space. The ISP system operator must use its own precautions to ensure that those self-signed certificates are considered valid only when presented from connections under its control."
    Using self-certification a web of trust can be built up; if this is abused, then whichever server is causing the problems can easily be removed as a trusted server from associated agents. Sure, the system isn't perfect, but it appears to provide a nice balance of compatibility and authentication without adversely affecting a user's e-mail experience.
  4. Open to abuse by Twylite · · Score: 5, Interesting

    This draft fails to provide any significant advance over SMTP. The use of TLS and authentication between MTAs merely provides a mechanism to identify policy violators. It does not (as the draft recognises) prevent fraud against a CA, it does not address the problem of distributing certificate revocations, it opens the door to a new era of DoS attacks against CA services (which will likely be far less robust than the DNS system), increases the barrier to entry for the ISP market (with costs being passed on to consumers, of course), and the opportunity for politically based service interrupts (like we already see with SPAM black lists) is just plain scary.

    Further to the last point: ISPs are generally forced to react to SPAM rather than be proactive (it is generally impossible for an ISP to distinguish between UBE and opt-in lists). This means that spammers will always be one step ahead, and any network with enough bullying power can summarily demand the revocation of another ISP's certificate for policy violations. An entirely new class of disputes will arise, making SPAM black listing arguments seem tame.

    The additional responsibilities this draft places on end users are also unacceptable. You will have to remember to flag your message "commercial" or "personal" and whether the distribution is "individual" or "customer". And of course if someone complains about the classification you could end up having your service terminated, so that the ISP can prove it took appropriate action against the "abuse".

    We have to accept that it is a fact that we cannot get away from SPAM. The postal and Internet mail systems rely on the opportunity to send a message to any recipient. Implementing a client side PKI-based whitelist for mail would be trivial (and many people do this), but destructive to the communication medium. The object is not to get away from SPAM, but to ensure that we, as recipients, do not bear the cost of SPAM.

    Any system that filters messages at your mailbox, or your ISP's server, costs you money. Your bandwidth and your ISP's bandwidth are wasted. AMTP may reduce this, but adds other hidden costs like a certified key and probably the ongoing maintenance of good relations with many peer MTAs to avoid accusations of abuse.

    Anyone interested in alternatives to the SMTP system should take a look at D. J. Bernstein's Internet Mail 2000 ideas; in brief, the sender holds the message in his/her mailbox and makes his/her bandwidth available to allow the mail to be downloaded by the recipient (who can obviously choose not to download it).

    --
    i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
    1. Re:Open to abuse by fyonn · · Score: 4, Interesting

      hello twy

      I agree with some of your points, I'm not sure that this is the way forward, spam is an evil perhaps but I've not seen a proposed solution to deal with it that I am happy with. I certainly get my fair share of spam which I tag at the server and filter into a special spam folder in my imap mailstore. this is the best solution I've come up with so far for myself and it works pretty well.

      the big problem I have with most of the proposed solutions is that it destroys the open and free ethos of the internet, the ability to send email to anyone, perhaps anonymously is a good thing I think, sure it's abused and there is a certain amount of locking down that we all do, not being an open relay or using dns blacklists for example, but in general we accept mail from anyone using well defined standard allowing the interconnection of any mua/mta/OS to any other.

      I don't like segmenting the net into distinct chunks that cannot communicate, ie smtp vs amtp vs internet mail 2000 etc. it's like the IM networks which, imho, really ought to be able to all intercommunicate but can't.

      yes, spam is an abuse of the system, but I find most of the cures worse than the disease. maybe my spam problem isn't as bad as some (around 30-40 emails a day reach my spam box and a small few a week make it to my inbox) and while I'd like to get less spam, I'd rather peer through my spam folder once every day/few days to scan for false positives, than have a good chunk of the net completely unable to talk to me should they want/have a need to.

      im2k is an interesting idea but it's not short of problems itself. I want my emails to be waiting for me in my local mailbox, not have to check my mail, click allow on 18 mails, deny on 32 and then "download" and wait for the 3 meg avi attachment from a friend on dialup (and would he have to be online at the time? or would we have im2k smarthosts?).

      also the idea of "pay per email" systems I disagree with too, maybe I'm a tight git, but why should I pay to send email, I've already paid for my bandwidth to (mostly) freely access the net and hosts on it, and what about mailing lists? I run a few low bandwidth mailing lists which would mean that other people (the ppl on my lists) would be costing me (the list owner and mailserver admin) money.

      while I like the idea of more of our email being encrypted (my server supports tls, with my own self signed cert) I certainly don't want to restrict my incoming email to only those that come in on TLS links, a) hardly anyone uses it, more the pity and b) I get spam via tls too. I don't really feel like going out and buying a proper cert and this stuff isn't a commercial venture, it's for me and some friends.

      the other thing is that just because I don't like spam, doesn't mean that others don't actively want it. it's the same reason that I disagree with those who say that ISPs ought to firewall ports 135-139 etc to stop ppl using windows networking over the internet, after all, it's only supposed to be a lan only protocol. well, perhaps it is, but that doesn't stop some people wanting to share a directory over the net, and why shouldn't they, if it hurts no-one else?

      I don't like disrupting the supposedly free end to end connectivity that we supposedly have.

      dave

      PS. okay, okay, so I was rambling there :)

  5. Re:Should we change HTTP as well? by Rhinobird · · Score: 4, Interesting

    "There are also down sides to http/ftp should we change them as well? The answer is no."

    Actually, the answer IS yes. Or, maybe you would like to go back to using gopher?

    If we change to a different email protocol we can still use the old protocol alongside of the new, and when the new protocol is widely accepted and in use, just shut down the old mail service.

    --
    If Mr. Edison had thought smarter he wouldn't sweat as much. --Nikola Tesla
  6. Re:Should we change HTTP as well? by ColdGrits · · Score: 4, Interesting

    "There are also down sides to http/ftp should we change them as well? The answer is no."

    Erm, actually, the HTTP spec HAS been changed in the past to overcome deficiencies in the original.

    HTTP/1.0
    HTTP/1.1
    HTTPS

    I think the answer you were actually looking for was "yes".

    --
    People should not be afraid of their governments - Governments should be afraid of their people.
  7. Re:Its a good idea by dnoyeb · · Score: 4, Interesting

    The mail server can not get out of the way. Remember, the end users are annoyed at the SPAM, but the ISPs have to pay for all the traffic. The ISPs will jump at the opportunity to eliminate the SPAM traffic. End user is too late for that.

  8. Re:Its a good idea by arivanov · · Score: 4, Interesting

    Sorry. Not a good idea:

    1. Security does not go any further than the TLS extension to ESMTP. If you force TLS in ESMTP you get the same result.

    2. There is a plethora of "codes" for SPAM which will be abused the same as now and will require regulation.

    3. It suffers from the same problem of SMTP as it is hop per hop, not end-to-end.

    4. It breaks country laws in many countries which are still being anal-retentive on encryption.

    Instead of this horrid garbage all that is needed is the following simple fix/extension to SMTP:

    1. Messages should be signed by every gateway on the way with the certificate of the gateway. The sig should be inserted as a "Received-signature:" header which covers the mail and the lines of the header that exist so far under it. Thus even if you do not have a cert for the end-user, but trust the relay you may decide to accept the mail and optionally add the user to your cert trust tree.

    2. Gateways should no longer modify any headers prior to the ones they add (some do - see spamassassin for example).

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
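
The per-hop signing scheme proposed in comment 8 above, sketched as an added example that is not part of the original thread or of any real mail software. The gateway names, keys and the `gateway; hexdigest` header syntax are assumptions, and HMAC-SHA256 with constructed keys stands in for the certificate signatures the comment calls for.

```python
import hashlib
import hmac

# Constructed gateway names and keys. HMAC-SHA256 is a stand-in for the
# certificate signature the comment proposes, so this runs on the stdlib alone.
GATEWAY_KEYS = {
    "mx.sender.example": b"constructed-key-1",
    "relay.isp.example": b"constructed-key-2",
}
FIELD = "Received-signature"  # header name from the comment; value syntax assumed

def _covered(headers, body):
    """Bytes a hop signs: every header line below its own, plus the body."""
    return ("\r\n".join(headers) + "\r\n\r\n" + body).encode()

def add_hop(headers, body, gateway):
    """Return headers with this gateway's signature header prepended."""
    sig = hmac.new(GATEWAY_KEYS[gateway], _covered(headers, body), hashlib.sha256)
    return [f"{FIELD}: {gateway}; {sig.hexdigest()}"] + headers

def verify_chain(headers, body):
    """Return [(gateway, valid)] for each signature header, newest hop first."""
    results = []
    for i, line in enumerate(headers):
        name, _, value = line.partition(":")
        if name.strip().lower() != FIELD.lower():
            continue
        gateway, _, sig = (part.strip() for part in value.partition(";"))
        key = GATEWAY_KEYS.get(gateway)  # unknown gateway: no trust anchor
        valid = False
        if key is not None:
            want = hmac.new(key, _covered(headers[i + 1:], body), hashlib.sha256)
            valid = hmac.compare_digest(want.hexdigest().encode(), sig.encode())
        results.append((gateway, valid))
    return results

def demo():
    body = "Hello Bob\r\n"
    headers = ["From: alice@sender.example", "To: bob@rcpt.example", "Subject: lunch"]
    headers = add_hop(headers, body, "mx.sender.example")
    headers = add_hop(headers, body, "relay.isp.example")
    # A later gateway rewrites a header that both hops had already signed over.
    rewritten = [h.replace("Subject: lunch", "Subject: [SPAM] lunch") for h in headers]
    return verify_chain(headers, body), verify_chain(rewritten, body)

if __name__ == "__main__":
    print(demo())
```

Rewriting the Subject line invalidates both signatures, while a header inserted between the two hops invalidates only the newer one, which shows how the comment's two points depend on each other.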