AMTP as an Alternative to SMTP

SamMichaels writes "AMTP was published as an Internet Draft last week. It suggests using a 'Mail Policy Code' during the transaction to identify what kind of mail is being sent (administrative, personal, commercial, etc). Another plus is the use of TLS using x.509 certificates signed by a CA so you know exactly where the mail came from. Sounds like a solid plan...now to get a certificate signed for a decent price is the challenge."

Yes, but

[Anthem.uxp]

does it involve the Evil Bit ?

Its a good idea

[blaster]

But in general end to end security models like this have had trouble because it has not been possible to get central signing in a way that can be administrated cheaply enough to allow wide deployment. I fear that this will fester in the same acceptance purgatory as DNSSEC, for roughly the same reasons

Re:Its a good idea

[Ed+Avis]

I'd hardly call it end-to-end. Here we have the mail server poking its nose into what type of mail is being delivered. It would make more sense for the mail system to get out of the way, deliver the messages, and let the users decide what they want to receive. Nobody advocates that IP routers should inspect each packet to see if it contains spam.

However, authenticated connection for mail delivery might not be a bad idea anyway, to stop DoS attacks based on sending millions of messages - even if all those are rejected by the recipient it still clogs the network, and unlike spammers, DoSers aren't trying to make money but just to cause a nuisance.

Apparently the main point of AMTP is to make it harder to spoof addresses. But it's still possible, so I don't think AMTP will change the general rule that no message header is to be trusted. PGP signatures blah blah blah are the only way to make sure a message comes from who it claims to.

Re:Its a good idea

[AftanGustur]

But in general end to end security models like this have had trouble because it has not been possible to get central signing in a way that can be administrated cheaply enough to allow wide deployment.

If the state is serious enough about this problem (and they will, one day) they will manage and issue certificates for whoever wants one.

It shouldn't have to cost more to manage a certificate than it costs to manage a credid card account .. Even less, since once the issuer has issued the certificate, he doesn't have to protect any part of it himself.

Re:Its a good idea

[dnoyeb]

The mail server can not get out of the way. Remember, the end users are annoyed at the SPAM, but the ISPs have to pay for all the traffic. The ISPs will jump at the opportunity to eliminate the SAPM traffic. End user is to late for that.

Re:Its a good idea

[Omnifarious]

Why is central signing needed at all? That's a complete fallacy. How do you decide that someone is who they say they are in the real world? Do you look at their driver's license or passport? That only happens during the minority of communications in which you actually pay someone, and even then it doesn't happen if you use cash. It cetainly isn't appropriate for every email messge.

Re:Its a good idea

[arivanov]

Sorry. Not a good idea:

1. Security does not go any further then the TLS extension to ESMTP. If you force TLS in ESMTP you get the same result.

2. There is a plethora of "codes" for SPAM which will be abused the same as now and will require regulation.

3. It suffers from the same problem of SMTP as it is hop per hop, not end-to-end.

4. It breaks country laws in many countries which are still being anal-retentive on encryption.

Instead of this horrid garbage all that is needed is the following simple fix/extension to SMTP:

1. Messages should be signed by every gateway on the way with the sertificate of the gateway. The sig should be inserted as a "Received-signature:" header which covers the mail and the lines of the header that exist so far under it. Thus even if you do not have a cert for the end-user, but trust the relay you may decide to accept the mail and optionally add the user to your cert trust tree.

2. Gateways should no longer modify any headers prior to the ones they add (some do - see spamassassin for example).

Free Certificate

[CountZero007]

Try http://www.cacert.org/ as a free Certificate Authority...

Re:Free Certificate

[Shadowspawn]

If you sign your own certificate, you don't have the level of trust as getting a cert from CACert.org.

CACert works on a point system for the level of trust. You must provide proof of your identity to other people that vouch for you - either with legal documentation (depending on the country/legal jurisdiction that you reside in) or inherited trust from another CA - or even from PGP/GPG.

CACert is currently working on getting its root certificate included with browser distributions, such as Mozilla.

To vote, go here: http://bugzilla.mozilla.org/show_bug.cgi?id=215243

If you need to register on Bugzilla first, go here: http://bugzilla.mozilla.org/createaccount.cgi

Certificates can be created for businesses and persons, unlike from most (all?) other certificate providers.

Why should we pay CA?

[oolon]

WHy should everyone pay CA for the certificates, we already pay for the domain name if they want to require certificates, then you should get one for your domain free with the domain! Ah I hear you say its so CA can vet people. No thats not the case, anyone can get a certificate for a domain they own all this does is make sure you know where the mail came from (not a bad thing) and impose a CA tax on all domains.

James

Re:Why should we pay CA?

A new 4 point plan for SPAM:

1. Hijack domain
2. Get CA to issue cert
3. Spam (or ?????)
4. Profit???

People who routinely hijack entire netblocks to send SPAM are not going to be bothered by providing fraudulent credentials to a CA.

What will stop the spammers

[Billly+Gates]

Can these certificats be over written ? What about a spammer puting a false "Personal" bit instead of "commercial" in the protocal to get through? If part of the CA key is in the message can it be extracted and used again. For example could a spammer get the key out of IBM and pretend the message came from IBM? I know the CA has the other key to verify it but it would have to do it per message. Both keys could easily be extracted or the spammer could fool the CA to thinking that its message really is from IBM and could gain a key from them. If its a different key per message it would surely help but that seems unlikely since billions of emails are sent daily.

Also spammers could just register themselves and keep spamming. They could just use a different ISP every 48 hours so in this way could never be stopped. A new address for every spam could be used. They could identify themselves as a home user so email filtering software will let it through. After that spammer is banned he/she will have another address and use that.

Re:What will stop the spammers

[StrawberryFrog]

What about a spammer puting a false "Personal" bit instead of "commercial" in the protocal to get through?

Let them. Advertising gadgets is not illegal. Lying in order to do so is.

No protection against viruses

Now, viruses browse your contact list and send a message to everyone in the list. If this breaks through, the viruses will browse your contact list, and send a message to everyone in the list using the key, something which Outlook will probably do automatically.

Oh, yes, there is one difference. The CA will get lots of profit for selling certificates.

Security concerns

[fr0z]

From the Draft:

This specification addresses the issue of Unsolicited Bulk Email (UBE) by providing coded tokens to identify mailing handling policies. It is possible for a sender to use a trusted MTA to transmit false tokens and thereby subvert an MTA's policies.

So it would be interesting if implemented with legislation rather than without; that way there is a serious disincentive for spammers who manage to subvert the policy.

Finally!

[fuzzix]

I reckon we can use this system to help Microsoft and AOL track those unsolicited forwards to maximise their donations to sick infants...

Certificates

[h0tblack]

Certification costs don't seem to be a problem to me. After reading the rfc it seems that self-signed certificates are fine:

A system operator MAY establish different criteria for use over a private network. For example, an ISP may provide self-signed certificates for use by its customers from dynamically-allocated address space. The ISP system operator must use its own precautions to ensure that those self-signed certificates are considered valid only when presented from connections under its control.

Using self-certification a web of trust can be built up, if this is abused, then whichever server is casuing the problems can easily be removed as a trusted server from associated agents. Sure, the system isn't perfect, but it appears to provide a nice balance of compatibility and authentication without adversely effecting a users e-mail experience.

Re:but...does it work?

Simply put, it isn't.
If you actually had red the draft, especially section 3 you would have seen that it is in essence smtp enhaced by tls:

3. The AMTP Model

Authenticated Mail Transfer Protocol (AMTP) is based upon Simple Mail
Transfer Protocol (SMTP, [RFC2821]) and addresses the twin problems
of authentication and codification. AMTP uses Transport Layer
Security (TLS, [RFC2246]) to create an environment of trust between
Mail Transfer Agents (MTAs) involved in a transaction. MTAs then
exchange Mail Policy Codes (MPCs) to establish permission for mail
delivery.

AMTP inherits the specification of SMTP and builds upon it. This
document specifies only the changes to SMTP and therefore implicitly
incorporates the latest SMTP specification [RFC2821] except where
indicated.

So RTF!

Re:but...does it work?

[geirt]

njet wrote:
> So why is this SO different from using TLS ?
> Remember that smtp is still used and you have to be backward compatible....

From the FAQ:
Why not add this capability to SMTP as an option?

This solution will only work if it is exclusive of existing practice. In order to solve the problem we must stop accepting traffic from non- trusted sources.

So the diffference is just that, it's not backward compatible ....

Open to abuse

[Twylite]

This draft fails to provide any significant advance over SMTP. The use of TLS and authentication between MTAs merely provides a mechanism to identify policy violators. It does not (as the draft recognises) prevent fraud against a CA, it does not address the problem of distributing certificate revocations, it opens the door to a new era of DoS attacks against CA services (which will likely be far less robust than the DNS system), increases the barrier to entry for the ISP market (with costs being passed on to consumers, of course), and the opportunity for politically based service interrupts (like we already see with SPAM black lists) is just plain scary.

Further to the last point: ISPs are generally forced to react to SPAM rather than be proactive (it is generally impossible for an ISP to distinguish between UBE and opt-in lists). This means that spammers will always be one step ahead, and any network with enough bullying power can summarily demand the revocation of another ISP's certificate for policy violations. An entirely new class of disputes will arise, making SPAM black listing arguments seem tame.

The additional responsibilities this draft places on end users is also unacceptable. You will have to remember to flag your message "commercial" or "personal" and whether the distribution is "individual" or "customer". And of course is someone complains about the classification you could end up having your service terminates, so that the ISP can prove it took appropriate action against the "abuse".

We have to accept that it is a fact that we cannot get away from SPAM. The postal and Internet mail systems rely on the opportunity to send a message to any recipient. Implementing a client side PKI-based whitelist for mail would be trivial (and many people do this), but destructive to the communication medium. The object is not to get away from SPAM, but to ensure that we, as recipients, do not bear the cost of SPAM.

Any system that filters messages at your mailbox, or your ISP's server, costs you money. Your bandwidth and your ISP's bandwidth are wasted. AMTP may reduce this, but adds other hidden costs like a certified key and probably the ongoing maintenance of good relations with many peer MTAs to avoid accusations of abuse.

Anyone interested in alternatives to the SMTP system should take a look at D. J. Bernstein's Internet Mail 2000 ideas; in brief, the sender holds the message in his/her mailbox and make his/her bandwidth available to allow the mail to be downloaded by the recipient (who can obviously choose not to download it).

Re:Open to abuse

[fyonn]

hello twy

I agree with some of your points, I'm not sure that this is the way forward, spam is an evil perhaps but I've not seen a proposed solution to deal with it that I am happy with. I certainly get my fair share of spam which I tag at the server and filter into a special spam folder in my imap mailstore. this is the best solution I've come up with so far for myself and it works pretty well.

the big problem I have with most of the proposed solutions is that it destroys the open and free ethos of the internet, the ability to send email to anhyone, perhaps anonymously is a good thing I think, sure it's abused and there is a certain amount of locking down that we all do, not being an open relay or using dns blacklists for example, but in general we accept mail from anyone using well defined standard allowing the interconnection of any mua/mta/OS to any other.

I don't like segmenting the net into distinct chunks that cannot communicate, ie smtp vs amtp vs internet mail 2000 etc. it's like the IM networks which, imho, really ought to be able to all intercommunicate but can't.

yes, spam is an abuse of the system, but I find most of the cures worse than the disease. maybe my spam problem isn't as bad as some (around 30-40 emails a day reach my spam box and a small few a week make it to my inbox) and while I'd like to get less spam, I'd rather peer through my spam folder once every day/few days to scan for false positives, than have a good chunk of the net completely unable to talk to me should they want/have a need to.

im2k is an interesting idea but it's not short of problems itself. I want my emails to be waiting for me in my local mailbox, not have to chweck my mail, click allow on 18 mails, deny on 32 and then "download" and wait for the 3 meg avi attachment from a friend on dialup (and would he have to be online at the time? or would we have im2k smarthosts?).

also the idea of "pay per email" systems I disagree with too, maybe I'm a tight git, but why should I pay to send email, I've already paid for my bandwidth to (mostly) freely access the net and hosts on it, and what about mailing lists I run a few low bandwidth mailling lists which would mean that other people (the ppl on my lists) would be costing me (the list owner and mailserver admin) money.

while I like the idea of more of our email being encrypted (my server supports tls, with my own self signed cert) I certainly don't want to restrict my incoming email to only those that come in one TLS links, a) hardly anyone uses it, more the pity and b) I get spam via tls too. I don't really feel like going out and buying a proper cert and this stuff isn't a commercial venture, it's for me and some friends.

the other thing is that just because I don't like spam, doesn;t mean that others don't actively want it. it's the same reason that I disgree with those who say that ISP's ought to firewall ports 135-139 etc to stop ppl using windows networking over the internet, after all, it's only supposed to be a lan only protocol. well, perhaps it is, but that doesn't stop some people wanting to share a directory over the net, and why shouldn't they, if it hurts no-one else?

I don't like disrupting the supposedly free end to end connectivity that we supposedly have.

dave

PS. okay, okay, so I was rambling there :)

Too much work for too little gain

[amcguinn]

Using TLS has a benefit in cutting down forgery and making spammers easier to trace, but asking all mail system administrators to set up X.509 certs is a huge amount of work for that small gain. (eg. I'm sending an email to 10 of my friends to ask for sponsorship for a sponsored bungee jump -- how do I tell my ISP's mail server to use entity "ngo" instead of "per", and what are the chances I haven't a clue I'm supposed to do this?)

The Mail Policy Code is a waste of time. Spammers will lie, and a huge proportion of everyone else will get it wrong through carelessness. It's chief benefit would be to help legitimate bulk commercial email (which is difficult to allow through content-based filtering), but I think the future of that kind of communication is in "pull" protocols where the subscriber rather than the publisher controls the subscription. (I outlined a couple of ideas in an earlier comment).

Re:Should we change HTTP as well?

[Rhinobird]

There are also down sides to http/ftp should we change them as well? The answer is no.

Actually, the answer IS yes. Or, maybe you would like to go back to using gopher?

If we change to a different email protocol we can still use the old protocol alongside of the new, and when the new protocol is widely accepted and in use, just shut down the old mail service.

Re:Should we change HTTP as well?

[ColdGrits]

"There are also down sides to http/ftp should we change them as well? The answer is no."

Erm, actually, the HTTP spec HAS been changed in the past to overcome deficiencies in the original.

HTTP/1.0
HTTP/1.1
HTTPS

I think the answer you were actually looking for was "yes".

What about bankruptcies?

[taliver]

I'm company A.com, and I buy a certificate (or get one for free from some free-sign authority). I use it completely legitamately. Only for receipts to paying customers, and to deliver "timely updates" for their software or whatever.

Now I fall on hard times. And go broke.

In the liquidation proceedings, a spammer swoops down and buys my certificate. It's a valued commodity to him, and the courts, I don't believe, are not going to care about the nefarious purposes he may have in mind.

But now lots of people are getting spam in my name.

So, would the CA have the power to "ungrant" the certificate, and therefore also be able to hold thousands of companies hostage. (Imagine starting as a 'free' service, and then suddenly 'changing your policy'.)

Or will the clients at the end have to say that certain CA's aren't valid. If so, how is this different form white-list/black-list.

Now, anything that tries to fight spam I am for. However, I believe the number one thing needed is accountability. If someone sends me mail, I need to be able to reach out and touch them, with a phone number or anything else I feel like. And the latest round of email viruses wouldn't work if I couldn't fake the address it was being sent from.

Re:What about bankruptcies?

[JKR]

That's what revocation certs. are for. Any certificate/PKI system needs to be able to revoke certificates/keys.

Jon.

Re:Should we change HTTP as well?

[Gunzour]

Yes, this proposal is a drastic move. Quite frankly, I think it's time we start considering drastic solutions to the spam problem. Spam is threatening to collapse our entire email infrastructure. Consider the following:

Some ISPs have long believed that most spam is not about making money but instead is just a massive denial-of-service attack

Recent worms appear to have been designed as a way to send spam through unwitting victims' computers

Spam blocking services are currently combating massive denial of service attacks

Sure, you can track down and go after individual spammers through the legal system, but so far that have proven to be little more than a game of whack-a-mole: knock one down and five more pop up.

AMTP appears to be based on the concept of forcing mail to have accurate headers. To me that seems like a good idea. Unfortunately it does essentially mean replacing the entire email infrastructure. Is it the best solution? I don't know, but it seems to me that it merits serious thought and review.

Won't work

[Fefe]

First of all, the CA has a business interest in selling as many certificates as possible, so it does not make sense to assume it will exert due diligence to find out whether someone is a spammer.

Second of all, spammers won't go to the CA and make it obvious they are spammers. They will pose as flower delivery agents with a brand new name, and the CA will give them a certificate and that's it. Then the spammer will start spamming, someone will complain to the CA, and they will issue a revocation certificate. In case you don't know TLS very well: revocation certificates do not scale AT ALL, it basically means that the AMTP server needs to have all on disk or we need a protocol to get them (possibly LDAP?). Since spammers will be using throw away identities just like they do now, I am seeing millions of revoked certificates.

So the only thing this approach does is create an artificial bottleneck at the CA, because they will be responsible for revoking the spamming "rights". Spammers will still spam and then in response be denied access, just like now, so even if this CA stuff works perfectly, and we have a high performance revocation certificate request protocol (which by the way entails enormous bandwidth cost for the CA, if all the mail servers in the world send a query for each incoming email, think about it!), we will still have exactly the same amount of spam we have now, because spammers will still spam first and be denied access later.

The next question is: what do we do about non-responsive CAs? Let's say Verisign gets in the email CA business, and they basically run the same fully automated CA business they do now, and they get bribed by the spammers just like ISPs get bribed by them now, and they don't revoke the certificate of a spammer, what are you going to do? Not accept any mail from anyone signed by Verisign ever again? That is basically your only option, and it is even worse than the collateral damage we have these days, when "only" one IP is barred (not counting SPEWS). If you think bribing Verisign is unlikely, consider the stakes! If you successfully bribe Verisign as spammer, you basically have permission to spam everyone, all over the world, and nobody can do anything about it except what we do now, unsuccessfully, i.e. block single IPs. And the spammers are still in business, so it's not enough.

So all in all, I think this is a spectacularly bad idea that will not work on ANY level. The up side is that it may finally bring encrypted email to everyone.

Re:how about charging for mail?

[esj+at+harvee]

problem has already been considered and solved. The camram project uses a recipient bound token as its "payment". There's no need for any central infrastructure, it can't be co-opted by any central organization, it hit spammers where it hurts (throughput of messages, economics) and it can't be forged.

Take a look at the camram project you'll find a practical, working implementation of sender pays email today.

http://www.camram.org and camram.sourceforge.net

PGP is a better model

[DrXym]

I don't understand why OpenPGP is not being adopted here.

Individuals don't really give a damn about getting CA signature, since if you read the small print for 'personal certs' you'll see the trust bestowed by the signature is worthless anyway. So after a lot of screwing around, you end up with a cert which if you're lucky is free but otherwise costs $10, that carries no trust and expires in a year or six months anyway. Whoopee. That's even assuming you have enough of a clue to figure out how to get a cert in the first place.

OpenPGP is the perfect solution here since people can whip up a key in no time, for free and it effectively implies the same level of trustworthiness as the one from the CA which is to say none whatsoever. Over time however they can build more trust into the key by getting their friends and associates to sign it.

Now for businesses, PGP is fine too. There is nothing to stop a CA signing a PGP key, so if a company wants to buy real trust for their key, it is there to be had in the same way as you get from PKI.

Which begs the question why anyone bothers with PKI at all, or why OpenPGP is not being integrated into the x.509 standard. As it stands no email software integrates PKI seamlessly, it's too complicated, it's too slow (it uses RSA for the entire message unlike PGP), it's too hard to get a key and it offers no more trust that PGP.

It seems to be somewhat of a lame duck really.

The certificates are for servers, not individuals

[Gunzour]

Lots of posters in this thread seem to be assuming this proposal is to force everyone to buy a cert to be able to send mail. The spec requires mail servers, not individuals, to have certs. Therefore, your ISP would have a cert to say "yes I really am someisp.com" when sending your mail.

Re:The certificates are for servers, not individua

[warpSpeed]

Therefore, your ISP would have a cert to say "yes I really am someisp.com" when sending your mail.

Well I am my own small ISP and I move about 10,000 emails a day for me any my clients (much of which is spam). _I_ would still have to pay an outragious sum for a cert...

What I would like to see is a Mail server with some memory of its history with other mail servers. Histogram of SMTP transations, by IP, sender id and domain, and recipient id and doamin. If you are getting hundreds of spams from an IP address, it would be nice to tar pit/block the SOB with a simple interface into the system, with automatic expiry times. It is the automatic expiry times that are key. If you do not have that it makes going back and cleaning up the future collateral dammage/innocent victims impossible to manage.

The SPAM problem would be significantly reduced if there were software to easly manage incoming mail using statistics by a human. The automates systems are ok, up to a point.

I would write something myslef, but I'm too busy combating the problem to have time. *sigh*...

My own idea for authentication

[Shdwdrgn]

Maybe this has been suggested before, maybe not. How about a key that is only known to the MTA? Any legitimate email sent out will have a header added which includes the hash for the key and the actual email. This hash is added to a list of submitted messages with an expiration time. Once the email is sent out, the receiving end takes that hash, and submits it to the MTA which supposedly originated the message, to be verified or rejected. If a hash is verified the originating MTA will take it off its list.

This should be a simple process which has at least two major uses... First, email viruses which are bypassing the legitimate domain MTA will not have a valid hash in the header. Second, any email where the origination is forged will also not contain a valid hash.

The list of sent hashes that the MTA maintains could further be enhanced by including the hash of the destination address where the email was sent to.

In essence, a header would be added to each outgoing mail as such:
X-Authenticate:

With an ever-changing table of valid hashes, it would be nearly impossible for someone to forge a legitimate hash. Even on the off-change that a hash WAS forged, a spammer would only be able to send a single message with that hash, then the MTA would expire it.

Of course there are some cons against this plan as well... There would be a small increase in traffic required to send a single email (negligable, maybe a few hundred bytes at most). Each MTA would have to reserve space for a hash table, the size of which would be based on the number of unreceived messages at any given moment, and how fast hashes were expired from the table (do you give up on sending a message after 5 minutes or 5 days).

The best thing about this method is that it provides a means of authenticating the sender of a message which is backwards-compatible with existing MTA's.