Bounce Address Tag Validation
   HOME

TheInfoList



Click Here for Items Related To - Bounce Address Tag Validation
OR:
Bounce Address Tag Validation on:   [Wikipedia]   [Google]   [Amazon]

In
computing Computing is any goal-oriented activity requiring, benefiting from, or creating computing machinery. It includes the study and experimentation of algorithmic processes, and development of both hardware and software. Computing has scientific, e ...
, Bounce Address Tag Validation (BATV) is a method, defined in an
Internet Draft An Internet Draft (I-D) is a document published by the Internet Engineering Task Force (IETF) containing preliminary technical specifications, results of networking-related research, or other technical information. Often, Internet Drafts are int ...
, for determining whether the
bounce address {{No footnotes, date=June 2016 A bounce address is an email address to which bounce messages are delivered. There are many variants of the name, none of them used universally, including return path, reverse path, envelope from, envelope sender, MA ...
specified in an
E-mail Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" meant ...
message is valid. It is designed to reject
backscatter In physics, backscatter (or backscattering) is the reflection of waves, particles, or signals back to the direction from which they came. It is usually a diffuse reflection due to scattering, as opposed to specular reflection as from a mirror, a ...
, that is,
bounce message A bounce message or just "bounce" is an automated message from an email system, informing the sender of a previous message that the message has not been delivered (or some other delivery problem occurred). The original message is said to have "boun ...
s to forged return addresses.


Overview

The basic idea is to send all e-mail with a return address that includes a timestamp and a cryptographic token that cannot be forged. Any e-mail that is returned as a bounce without a valid signature can then be rejected. E-mail that is being bounced back should have an empty (null) return address so that bounces are never created for a bounce and therefore preventing messages from bouncing back and forth forever. BATV replaces an envelope sender like mailbox@example.com with prvs=''tag-value''=mailbox@example.com, where prvs, called "Simple Private Signature", is just one of the possible tagging schemes; actually, the only one fully specified in the draft. The BATV draft gives a framework that other possible techniques can fit into. Other types of implementations, such as using public key signatures that can be verified by third parties, are mentioned but left undefined. The overall framework is vague/flexible enough that similar systems such as
Sender Rewriting Scheme The Sender Rewriting Scheme (SRS) is a scheme for bypassing the Sender Policy Framework's (SPF) methods of preventing forged sender addresses. Forging a sender address is also known as email spoofing. Background In a number of cases, including ...
can fit into this framework.


History

Sami Farin proposed an Anti-Bogus Bounce System in 2003 in
news.admin.net-abuse.email news.admin.net-abuse.email (sometimes abbreviated nanae or n.a.n-a.e, and often incorrectly spelled with a hyphen in "email") is a Usenet newsgroup devoted to discussion of the abuse of email systems, specifically through spam and similar attac ...
, which used the same basic idea of putting a hard to forge hash in a message's bounce address. In late 2004, Goodman et al. proposed a much more complex "Signed Envelope Sender"Microsoft Word - Working_SES_Format_Definition_16.doc
/ref> that included a hash of the message body and was intended to address a wide variety of forgery threats, including bounces from forged mail. Several months later, Levine and Crocker proposed BATV under its current name and close to its current form.


Problems

The draft anticipates some problems running BATV. * Some mailing lists managers (e.g.
ezmlm ezmlm is mailing list management software (MLM) by Daniel J. Bernstein. It is similar to GNU Mailman and Majordomo but only works with the qmail mail transfer agent. It is released into the public domain. The latest version, 0.53, came out in 1 ...
) still key on the bounce address, and will not recognize it after BATV mangling. * Greylisting requires BATV implementations to keep the same tag across retransmissions for a reasonable time. This may also cause each e-mail to be delayed unless the greylisting system ignores the tag, or whitelists sending hosts that successfully retry. * Challenge-response spam filtering and systems that sort mail based on the bounce address (e.g. for removing duplicates) may work less smoothly with BATV-tagged addresses. There are also problems that prevent BATV systems from eliminating all backscatter. * Some legitimate e-mail gets sent with empty return address that is not a bounce and therefore will not have the special tokens. For example, the Delivery Status Notification extension defined in requires a null return path when sending email with a "NOTIFY=NEVER" option to a non-conforming server. * Some e-mail bounces (incorrectly) get sent not to the return address, but to the e-mail address on the From: header. * Some mail systems that implement
Callback verification Callback verification, also known as callout verification or Sender Address Verification, is a technique used by SMTP software in order to validate e-mail addresses. The most common target of verification is the sender address from the message e ...
use "postmaster" instead of the null return address.


See also

*
Sender Policy Framework Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email. SPF alone, though, is limited to detecting a forged sender claim in the envelope of the email, which is ...
(SPF) *
Sender Rewriting Scheme The Sender Rewriting Scheme (SRS) is a scheme for bypassing the Sender Policy Framework's (SPF) methods of preventing forged sender addresses. Forging a sender address is also known as email spoofing. Background In a number of cases, including ...
(SRS) *
Simple Mail Transfer Protocol The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typica ...
(SMTP) *
Variable envelope return path Variable envelope return path (VERP) is a technique used by some electronic mailing list software to enable automatic detection and removal of undeliverable e-mail addresses. It works by using a different return path (also called "envelope sender" ...
(VERP)


References


External links


BATV draft

BATV web page

Greylisting and BATV
{{Webarchive, url=https://web.archive.org/web/20100323014624/http://www.gossamer-threads.com/lists/qmail/users/136776 , date=2010-03-23 Implementation of BATV (with a BATV tester) for
qmail qmail is a mail transfer agent (MTA) that runs on Unix. It was written, starting December 1995, by Daniel J. Bernstein as a more secure replacement for the popular Sendmail program. Originally license-free software, qmail's source code was ...
/ netqmail Email authentication