1 / 11

X-ASVP Executive Overview

X-ASVP Executive Overview. eXtensible Anti-spam Verification Protocol. X-ASVP Committee Technical Working Group July 25, 2007. Agenda. Uses for X-ASVP How X-ASVP works X-ASVP Process flow URL “search path” algorithm Meta-document example Implementation Overhead. Uses for X-ASVP.

belle
Télécharger la présentation

X-ASVP Executive Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. X-ASVP Executive Overview eXtensible Anti-spam Verification Protocol X-ASVP Committee Technical Working Group July 25, 2007

  2. Agenda • Uses for X-ASVP • How X-ASVP works • X-ASVP Process flow • URL “search path” algorithm • Meta-document example • Implementation Overhead

  3. Uses for X-ASVP • Distributed Do Not E-mail Registry • Indicate “opt-out” as defined in CAN-SPAM Act • Would give ISP’s new legal standing and toolset to pursue spammers • Public Key Infrastructure • Would be a common location to post public keys • Authentication token (Level 1: ASVP-WEB) • Could be used to enforce authentication to a web server prior to accepting e-mail

  4. How X-ASVP works • Defines a set of web addresses associated to an e-mail address • One at the domain of the e-mail address • One at the host “www.x-asvp” in the same top level domain (.com, .net, .org, etc. ) as the e-mail address • One at the protocol committee’s website www.x-asvp.info • Defines syntax for posting user information at one (or more) of the above web addresses.

  5. X-ASVP Process Flow • Recipient posts an X-ASVP “meta-document” • E-mail sender collects recipient preferences from the posted meta-document • Bulk mail ( “legal” senders will respect UCE setting; those who don’t violate CAN-SPAM ) • PGP ( public key available on meta-document ) • ASVP-WEB ( “token” included in mail header )

  6. X-ASVP URL Algorithm • Goals: Distributed, Redundant, Universal • Hosts: 1. the domain, 2. top level domain, 3. global • Rules: 1. All alpha converted to uppercase, 2. non-alpha numeric converted to underscore • Example: John.Public1@foo.com • http://x-asvp.foo.com/FOO_COM/JOHN_PUBLIC1.HTM • http://www.x-asvp.com/FOO_COM/JOHN_PUBLIC1.HTM • http://www.x-asvp.info/COM/FOO_COM/JOHN_PUBLIC1.HTM

  7. Meta-document example Token for Level 1 “ASVP-WEB” extension Do Not E-mail “Registration” Asymmetric encryption public key

  8. Solution Data Flow

  9. Implementation Overhead • For an ISP or Enterprise that already runs a web server, implementation can be trivial • DNS record (CNAME) for “x-asvp” host • Virtual Host on existing web server • Generic page script (example on x-asvp.org ) • http://x-asvp.org/_pub/draft/HOWTO/

  10. Benefit of “trivial” implementation • Equivalent to posting “No Trespassing” on your Inbox. • If recognized as equivalent to listing in “National Do Not E-mail Registry”, then enforcement provisions of CAN-SPAM apply. • Spammers don’t know whether or not you’re filtering on the ASVP-WEB token provided. • New anti-spam toolset • IP address trail available when tokens are collected. • CGI script logic easier to implement (for token generation) than sender host verification at MTA.

More Related