Educational CyberPlayGround ®

RFCs (Proposed Standards) on 'Cryptographic Message Syntax'.

Tech titans release new email security standard
March 22, 2016

THE NEW STANDARD

RFC 2142, which specifies that "abuse" is the correct address for every domain to receive abuse reports -- whether those reports pertain to abuse *by* the domain (or its customers, etc.) or *of* the domain (or its customers).
This is not only specified in the RFC, but it's a well-known best practice, and has been for years.
Unfortunately, many domains have chosen to ignore this -- or to "support" it in a way that renders it effectively unusable. Those methods include:

  • routing its traffic to the bit-bucket
  • routing its traffic to an autoresponder that directs senders to use a web form -- thus deliberately making it as difficult as possible for users to report abuse, cf. "hoop-jumping".
  • routing its traffic to an ignore-bot
  • using spam/virus filtering methods on the address that make it impossible to report spam/virus incidents to the address
  • forwarding complaints to those being complained about, thus handing over victims' data to the abusers and facilitating spammer "list-washing" and various forms of revenge attacks
  • routing its traffic to untrained/incompetent staff whose response is either that the complaint is in error or has been resolved (Hotmail and Yahoo are particularly well-known for this)
  • refusing to investigate any complaint not filed by their own customers
  • allowing the abuse mailbox to reach its quota and reject subsequent messages (Comcast prefers this approach)

and so on.

Happily, there are some exceptions to this: some operations (correctly) consider every abuse complaint as a possible indicator of a security emergency, requiring immediate attention from senior personnel until resolved. Unsurprisingly, these well-run operations don't have to field many abuse complaints, because the same diligence and professionalism that allows them to respond promptly and effectively also enables them to pro-actively address many issues *before* abuse actually occurs. But unfortunately, these are the exceptions; the rule is that for most operations, handling abuse traffic is a reluctant afterthought at best, and thus we have...what we have.

---Rsk

Date: Thu, 05 Sep 2002 09:51:07 -0700
From: [repeat]@rfc-editor.org
Subject: [rfc-dist] RFC 3369 on Cryptographic Message Syntax (CMS)

A new Request for Comments is now available in online RFC libraries.

RFC 3369


Title: Cryptographic Message Syntax (CMS)
Author(s): R. Housley
Status: Standards Track
Date: August 2002
Mailbox: rhousley@rsasecurity.com
Pages: 52
Characters: 113975
Obsoletes: 2630, 3211


I-D Tag: draft-ietf-smime-rfc2630bis-08.txt

URL: ftp://ftp.rfc-editor.org/in-notes/rfc3369.txt

This document describes the Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary message content.

This document is a product of the S/MIME Mail Security Working Group of the IETF.

This is now a Proposed Standard Protocol.

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.


This announcement is sent to the IETF list and the RFC-DIST list. Requests to be added to or deleted from the IETF distribution list should be sent to IETF-REQUEST@IETF.ORG. Requests to be added to or deleted from the RFC-DIST distribution list should be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body help: ways_to_get_rfcs. For example:


To: rfc-info@RFC-EDITOR.ORG
Subject: getting rfcs

help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution.

Submissions for Requests for Comments should be sent to RFC-EDITOR@RFC-EDITOR.ORG. Please consult RFC 2223, Instructions to RFC Authors, for further information.

Joyce K. Reynolds and Sandy Ginoza
USC/Information Sciences Institute


Below is the data which will enable a MIME compliant Mail Reader implementation to automatically retrieve the ASCII version of the RFCs.


Date: 05 Sep 2002 13:53:58 -0400
From: rfc-editor@rfc-editor.org
Subject: [rfc-dist] RFC 3370 on Cryptographic Message Syntax (CMS) Algorithms

A new Request for Comments is now available in online RFC libraries.

RFC 3370
Title: Cryptographic Message Syntax (CMS) Algorithms
Author(s): R. Housley
Status: Standards Track
Date: August 2002
Mailbox: rhousley@rsasecurity.com
Pages: 24
Characters: 51001
Updates/Obsoletes/SeeAlso: None


I-D Tag: draft-ietf-smime-cmsalg-08.txt


URL: ftp://ftp.rfc-editor.org/in-notes/rfc3370.txt

This document describes the conventions for using several cryptographic algorithms with the Cryptographic Message Syntax (CMS). The CMS is used to digitally sign, digest, authenticate, or encrypt arbitrary message contents.


This document is a product of the S/MIME Mail Security Working Group of the IETF.


This is now a Proposed Standard.


This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.


This announcement is sent to the IETF list and the RFC-DIST list. Requests to be added to or deleted from the IETF distribution list should be sent to IETF-REQUEST@IETF.ORG. Requests to be added to or deleted from the RFC-DIST distribution list should be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.


Details on obtaining RFCs via FTP or EMAIL may be obtained by sending an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body help: ways_to_get_rfcs. For example:


To: rfc-info@RFC-EDITOR.ORG
Subject: getting rfcs
help: ways_to_get_rfcs


Requests for special distribution should be addressed to either the author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution.

Submissions for Requests for Comments should be sent to RFC-EDITOR@RFC-EDITOR.ORG. Please consult RFC 2223, Instructions to RFC Authors, for further information.

Joyce K. Reynolds and Sandy Ginoza
USC/Information Sciences Institute


...


Below is the data which will enable a MIME compliant Mail Reader implementation to automatically retrieve the ASCII version of the RFCs.
Content-Type: text/plain
Content-ID: <020905095135.RFC@RFC-EDITOR.ORG>


RETRIEVE: rfc
DOC-ID: rfc3370


<ftp://ftp.isi.edu/in-notes/rfc3370.txt>