X-ASVP Executive Overview - PowerPoint PPT Presentation

About This Presentation
Title:

X-ASVP Executive Overview

Description:

... in the same top level domain (.com, .net, .org, etc. ) as the e-mail address ... Equivalent to posting 'No Trespassing' on your Inbox. ... – PowerPoint PPT presentation

Number of Views:18
Avg rating:3.0/5.0
Slides: 12
Provided by: gerald131
Learn more at: http://www.x-asvp.org
Category:

less

Transcript and Presenter's Notes

Title: X-ASVP Executive Overview


1
X-ASVP Executive Overview
  • eXtensible Anti-spam Verification Protocol

X-ASVP Committee Technical Working Group July
25, 2007
2
Agenda
  • Uses for X-ASVP
  • How X-ASVP works
  • X-ASVP Process flow
  • URL search path algorithm
  • Meta-document example
  • Implementation Overhead

3
Uses for X-ASVP
  • Distributed Do Not E-mail Registry
  • Indicate opt-out as defined in CAN-SPAM Act
  • Would give ISPs new legal standing and toolset
    to pursue spammers
  • Public Key Infrastructure
  • Would be a common location to post public keys
  • Authentication token (Level 1 ASVP-WEB)
  • Could be used to enforce authentication to a web
    server prior to accepting e-mail

4
How X-ASVP works
  • Defines a set of web addresses associated to an
    e-mail address
  • One at the domain of the e-mail address
  • One at the host www.x-asvp in the same top
    level domain (.com, .net, .org, etc. ) as the
    e-mail address
  • One at the protocol committees website
    www.x-asvp.info
  • Defines syntax for posting user information at
    one (or more) of the above web addresses.

5
X-ASVP Process Flow
  • Recipient posts an X-ASVP meta-document
  • E-mail sender collects recipient preferences from
    the posted meta-document
  • Bulk mail ( legal senders will respect UCE
    setting those who dont violate CAN-SPAM )
  • PGP ( public key available on meta-document )
  • ASVP-WEB ( token included in mail header )

6
(No Transcript)
7
X-ASVP URL Algorithm
  • Goals Distributed, Redundant, Universal
  • Hosts 1. the domain, 2. top level domain, 3.
    global
  • Rules 1. All alpha converted to uppercase,
  • 2. non-alpha numeric converted
    to underscore
  • Example John.Public1_at_foo.com
  • http//x-asvp.foo.com/FOO_COM/JOHN_PUBLIC1.HTM
  • http//www.x-asvp.com/FOO_COM/JOHN_PUBLIC1.HTM
  • http//www.x-asvp.info/COM/FOO_COM/JOHN_PUBLIC1.HT
    M

8
Meta-document example
Token for Level 1 ASVP-WEB extension
Do Not E-mail Registration
Asymmetric encryption public key
9
Solution Data Flow
10
Implementation Overhead
  • For an ISP or Enterprise that already runs a web
    server, implementation can be trivial
  • DNS record (CNAME) for x-asvp host
  • Virtual Host on existing web server
  • Generic page script (example on x-asvp.org )
  • http//x-asvp.org/_pub/draft/HOWTO/

11
Benefit of trivial implementation
  • Equivalent to posting No Trespassing on your
    Inbox.
  • If recognized as equivalent to listing in
    National Do Not E-mail Registry, then
    enforcement provisions of CAN-SPAM apply.
  • Spammers dont know whether or not youre
    filtering on the ASVP-WEB token provided.
  • New anti-spam toolset
  • IP address trail available when tokens are
    collected.
  • CGI script logic easier to implement (for token
    generation) than sender host verification at MTA.
Write a Comment
User Comments (0)
About PowerShow.com