[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Message Level Authentication

To: bill.mcinnis@xxxxxxxxxxxxxxxx
Subject: Re: Message Level Authentication
From: Douglas Otis <dotis@xxxxxxxxxxxxxx>
Date: Mon, 19 Apr 2004 19:15:02 -0700
Cc: MARID <ietf-mxcomp@xxxxxxx>
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-mxcomp/mail-archive/>
List-id: <ietf-mxcomp.imc.org>
List-unsubscribe: <mailto:ietf-mxcomp-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-mxcomp@xxxxxxxxxxxx

Bill,

Given a choice, an unencumbered solution is considered before a
proprietary one.  The messagelevel solution adds an out-of-band protocol
between MTAs to confirm each mail message.  Using the existing
infrastructure as with SPF has an advantage of requiring fewer new
elements and exchanges.  Confirming a valid sending IP of the domain and
not signatures for each message has an advantage of scale that can also
be mitigated within an existing cache.  Requiring a provider to query
for every spoofed and real message will create a problem and not a
solution as you propose.  Many MTA systems are approaching network
limits and this proposal adds to this network traffic substantially. 

-Doug

On Mon, 2004-04-19 at 18:46, Bill Mcinnis wrote:
> Hello all, 
> 
> After watching the back and forth on this list for the last 
> several months I just wanted to join in and get some feedback 
> as to why no one is discussing how to answer the one fundamental question, "Did you send me this email" and why no one has come 
> up with the answer "Just ask me and I'll tell you" (at the 
> machine level)? 
> 
> Please take a look at www.messagelevel.com and give us 
> some feedback. 
> 
> These ideas are based upon patent filings and prototype 
> systems several years in the making.  Message Level also
>  distributed a whitepaper (which is fully documented both
>  publicly and privately) to several of the "major players"
>  before the stories abruptly changed from "we are working 
> on message filtering" to many of the current ideas you see
>  circling now, which seem to be very quickly migrating to 
> the Message Level Patent Pending process. 
> 
> Sure there is a chicken and the egg problem here (but no more 
> than anything else being discussed), as well as bandwidth 
> concerns (no more than a normal "Mail From" test) and database
>  concerns (which are a much better alternative than having to 
> rewrite dns or the smtp protocol), but the idea is the most 
> reliable and secure method of stopping all of this craziness. 
> If there is one thing we have learned over the years is that 
> technology just gets better, quicker, and more stable as time 
> goes on. 
> 
> 
> We do feel as though we are getting resistance from the "larger
>  players"  because this system does have several Patent filings 
> in place and they would like to make the idea their own. However,
>  we want to be perfectly clear that we are willing to work with 
> anyone interested in solving one of the largest problems on the Internet today. 
> 
> We are finalizing our prototype systems to the API's of major 
> email systems and should have those rolled out by the end of 
> this Summer.  We are also going to be making publicly available 
> via our website and partners a client-side application that 
> addresses the Message Level process without the need for a email
>  server implementation.  Thereby enabling users to choose their 
> own anti-spam system to validate and secure their email. 
> 
> We would love any comments and participation by anyone seeking 
> to address this problem. 
> 
> Thank you 
> 
> Bill McInnis 
>

References:
- Message Level Authentication
  - From: Bill Mcinnis

Prev by Date: Message Level Authentication
Next by Date: Re: Message Level Authentication
Previous by thread: Message Level Authentication
Next by thread: Re: Message Level Authentication
Index(es):
- Date
- Thread