SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-11 Thread Viruthagiri Thirumavalavan
Hello NANOG, Belated new year wishes.

I would like to gather some feedback from you all.

I'm trying to propose two things to the Internet Standard and it's related
to SMTP.

(1) STARTTLS downgrade protection in a dead simple way

(2) SMTPS (Implicit TLS) on a new port (26). This is totally optional.

I posted my proposal in IETF mailing list. I got very good feedback there.
Some support my proposal. Many are against it.

I would love to know where you stand on this proposal. Let me give you the
abstract first.

-

SMTP is still suffering from downgrade attacks like STRIPTLS. While we have
"Opportunistic TLS", we still don't have "Implicit TLS" in the SMTP.

Don't take this in the wrong way. We do have "Implicit TLS" for "SMTP
Submission" on port 465. But we don't have a secure port 25 alternative,
i.e. the real SMTPS.

Both MTA-STS and MTA-DANE try to fix the STARTTLS downgrade issue.
However, the implementation is not simple. The former requires an HTTPS
server and the latter requires DNSSEC to even get started.

This proposal fixes the STARTTLS downgrade issue, proposes a new port 26 as an
"Implicit TLS" alternative for port 25, and recommends that the MX server
signal the port via a prefix.

This proposal offers two ways.

(1) STARTTLS Prefix

Use this prefix only to deal with STARTTLS downgrade issue.

e.g. mx1.example.com should be prefixed like starttls-mx1.example.com.

Where "starttls-" says "Our port 25 supports Opportunistic TLS. So if the
STARTTLS command is not found in the EHLO response or the certificate is
invalid, then drop the connection".

(2) SMTPS Prefix

Use this prefix if you wanna support Implicit TLS on port 26 and
Opportunistic TLS on port 25.

e.g. mx1.example.com should be prefixed like smtps-mx1.example.com.

Where "smtps-" says "We prefer if you connect to our SMTPS on port 26. But
we also accept mail on port 25. And our port 25 supports Opportunistic
TLS. So if the STARTTLS command is not found in the EHLO response or the
certificate is invalid, then drop the connection".

In "starttls-" prefix port 25 *MUST* support encryption with *valid SSL*
certificates.

In "smtps-" prefix, *BOTH* port 26 and port 25 *MUST* support encryption
with *valid SSL* certificates.

Note: You need to enable DNSSEC to prevent MX record spoofing. My proposal
highly recommends DNSSEC but does not mandate it.

---

What does the IETF mailing list think? - "Implicit TLS doesn't offer any more
security than a downgrade protected STARTTLS. Let's not waste a port."

What do I think? - Implicit TLS still falls under the "best practices". So it
will send out the positive vibe that IETF still cares about email security.

What does the world think? -
https://gist.github.com/mistergiri/138fc46ae401b7492662a32409edb07f

What do you all think? -
https://medium.com/@dombox/smtp-over-tls-on-port-26-efc67e8a99ce

-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.


Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-11 Thread Viruthagiri Thirumavalavan
Hello Doug, it's happening in ietf-smtp. This is my first proposal. So I
haven't created the I-D yet.

I'm not sure how to create one.

That's why I published my proposal on Medium. Please see the Medium
link I posted earlier.

Thanks.

On Sat, Jan 12, 2019, 6:46 AM Doug Royer  wrote:
> On 1/11/19 10:38 AM, Viruthagiri Thirumavalavan wrote:
> > Hello NANOG, Belated new year wishes.
> >
> > I would like to gather some feedback from you all.
> >
> > I'm trying to propose two things to the Internet Standard and it's
> > related to SMTP.
> >
> > (1) STARTTLS downgrade protection in a dead simple way
> >
> > (2) SMTPS (Implicit TLS) on a new port (26). This is totally optional.
> >
> > I posted my proposal in IETF mailing list. I got very good feedback
> > there. Some support my proposal. Many are against it.
> >
>
> What is the IETF draft name?
> Which IETF mailing list did this discussion happen on?
>
> --
>
> Doug Royer - (http://DougRoyer.US  http://goo.gl/yrxJTu )
> douglasro...@gmail.com
> 714-989-6135
>
>


Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-11 Thread Viruthagiri Thirumavalavan
>
> In addition, it bypasses all the security folks have built around the
> idea of blocking port 25 traffic from sources which should not be
> operating as mail servers. Let's not make the network less secure in
> the name of making it more so.


I already addressed this issue in the "security considerations" section.

"Port 26 will be a secure alternative for Port 25. So Internet Service
Providers are advised to take precautions to prevent email spam abuse. They
are advised to block port 26, if necessary."

> I'm not a fan of overloading semantic information in part of a
> protocol where it doesn't belong, That's dug us in to a lot of deep
> holes over the years. If you want to do this, seek a new DNS record
> type or do like everybody else and create a TXT record to inform
> internet peers of the availability of your new semantics for port 25.


Yes, this suggestion came up in our discussions.

On Sat, Jan 12, 2019 at 7:11 AM William Herrin  wrote:

> On Fri, Jan 11, 2019 at 4:22 PM Viruthagiri Thirumavalavan
>  wrote:
> > What IETF Mailing list thinks? - "Implicit TLS doesn't offer any
> additional security than a downgrade protected STARTTLS. Let's not waste a
> port."
>
> In addition, it bypasses all the security folks have built around the
> idea of blocking port 25 traffic from sources which should not be
> operating as mail servers. Let's not make the network less secure in
> the name of making it more so.
>
> > e.g. mx1.example.com should be prefixed like smtps-mx1.example.com.
>
> I'm not a fan of overloading semantic information in part of a
> protocol where it doesn't belong, That's dug us in to a lot of deep
> holes over the years. If you want to do this, seek a new DNS record
> type or do like everybody else and create a TXT record to inform
> internet peers of the availability of your new semantics for port 25.
>
> Regards,
> Bill Herrin
>
> --
> William Herrin  her...@dirtside.com  b...@herrin.us
> Dirtside Systems . Web: <http://www.dirtside.com/>
>


-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.


Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-11 Thread Viruthagiri Thirumavalavan
>
> While we're at it, let's deprecate IPv4 now that IPv6 is fully deployed


Come on Mr. Herrin.

Blocking a port is much easier than deprecating a heavily used protocol.
Google stats show ~75% use IPv4.

On Sat, Jan 12, 2019 at 7:30 AM William Herrin  wrote:

> On Fri, Jan 11, 2019 at 5:52 PM Viruthagiri Thirumavalavan
>  wrote:
> >> In addition, it bypasses all the security folks have built around the
> >> idea of blocking port 25 traffic from sources which should not be
> >> operating as mail servers. Let's not make the network less secure in
> >> the name of making it more so.
> >
> > I already addressed this issue in the "security considerations" section.
> >
> > "Port 26 will be a secure alternative for Port 25. So Internet Service
> Providers are advised to take precautions to prevent email spam abuse. They
> are advised to block port 26, if necessary."
>
> While we're at it, let's deprecate IPv4 now that IPv6 is fully deployed.
>
> -Bill
>
>
>
> --
> William Herrin .... her...@dirtside.com  b...@herrin.us
> Dirtside Systems . Web: <http://www.dirtside.com/>
>


-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.


Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-11 Thread Viruthagiri Thirumavalavan
If you all think my prefix proposal has some merit, it still paves the
way for future smtps proposals. So I have no issues with killing the smtps part
of my proposal.

As for signalling, I'm not sure whether moving the signalling part to
another record type is a good idea.

Because my signalling proposal is flawed without DNSSEC as Brandon Martin
pointed out.

So if we move the signalling part to another record type, then we may have
to deal with multiple record set signatures. Also there is one more
configuration for the end user. But I'm open to suggestions.

To the person who trolled me: I'm here to have some intellectual
conversation. So please stop trolling me. You are an engineer. So don't
behave like a teen in a YouTube comments section. I'm proposing this
stuff so the world can benefit from something. By trolling me, you are just
killing that.

To everyone else, please go easy on me. If I'm a little off on something,
please forgive my ignorance. The reason I'm here is because you all know
this stuff better than me. I'm here to get some feedback.

If you all think opening a new port is a waste of time, I'm ok with that. But
if you see some benefits of Implicit TLS over Opportunistic TLS, please
point that out too.

Thank you for your time.


Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-11 Thread Viruthagiri Thirumavalavan
Hello Mr. Ramasubramanian,

When I originally drafted the SMTPS proposal, I thought the plain-text
part before the STARTTLS command leaks some sensitive info.

e.g. 220 mail.ashleymadison.com AshleyMadison ESMTP Service Ready

That text will always be transferred in plain text. So I thought Implicit
TLS would prevent leaking that info.

But guys in the IETF mailing list actually showed me a way to get that
info. You just get the IP address from the 3-way handshake and do a reverse
lookup / connect to port 26 to fill in the rest of the info. So a new port
doesn't offer much security. And I totally agree with them on that from
my understanding of it.

But I still want the future of email to adopt Implicit TLS. So someday we
can kill Opportunistic TLS. I already lost the case for security. So the
smtps part of my proposal is not gonna fly. I'm just here to learn whether
Implicit TLS can offer anything better than Opportunistic TLS that's worth
wasting a port.

Thanks

On Sat, Jan 12, 2019 at 9:28 AM Suresh Ramasubramanian 
wrote:

> Most new MTA implementations over the past several years default to TLS
> with strong ciphers.  So how much of a problem is low or no TLS right now?
>
> How much more of a problem will it be over the next year or two as older
> hardware is retired and new servers + software deployed, or as is more
> likely, people move their mail to cloud services that already do support
> strong ciphers for TLS?
>
> How worth solving is the problem - what is the return for all this effort?
>
> --srs
>
> ------
> *From:* NANOG  on behalf of
> Viruthagiri Thirumavalavan 
> *Sent:* Saturday, January 12, 2019 9:21 AM
> *To:* nanog@nanog.org
> *Subject:* Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback
> Request]
>


-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.


Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-11 Thread Viruthagiri Thirumavalavan
> To the OP - what's the point of hiding the hostname in the smtp banner?
> You already know from the dns. Concerned about the MTA version? You can
> configure postfix to claim it is exchange or avian carrier for that matter


I was concerned about the brand name right next to the 220 hostname in the
example I posted earlier. I thought it would offer a little more privacy. I
was wrong.

> So - given that multiple people have explained to you on the ietf-smtp list
> that there's no really sensitive info before STARTTLS, what *exactly* does
> your proposal buy us?  What *real* problem is port 26 fixing?
> And is this something that *you* think is a problem, or that somebody who
> runs an actual production mail system thinks is a problem?


Thanks Mr. Kletnieks,

Nice to meet you again. [To everyone else - he is one of the nicest people
who provided suggestions in ietf-smtp]

When I proposed it I thought this was an issue. But it seems like it's not.
What I'm looking for here is: will there be any additional pros if we
introduce Implicit TLS?

Pros of introducing Implicit TLS:
+ Falls under Best Practices
+ Sets an early date to deprecate Opportunistic TLS in the future. (e.g. 20
years from now)
+ Seems like it's what the world wants.

Cons of introducing Implicit TLS:
- Wastes a port
- ISP needs to add little code to block port 26

> Well, the summary on the ietf-smtp list was that the new port doesn't
> actually buy you anything unless you have DANE, and once you have DANE, the
> new port doesn't add anything.
> The conclusion is that we should be deploying DANE more rather than
> burning a port.
> Not sure why you expect to hear much differently from NANOG.


I improved my proposal a lot based on feedback I received from people like
you. My proposal doesn't rely on DANE. Only DNSSEC. Even for that part, it
doesn't mandate it.

When example.com mail is third-party hosted, example.com needs DNSSEC and
the third-party mail servers (e.g. Google) need DNSSEC+DANE. But Google
seems not to be interested in DNSSEC. Thus Google provides a DANE
alternative called MTA-STS.

Let's say my domain supports DNSSEC. If my domain mails are hosted in
Google, then I have no other way other than going for MTA-STS.

MTA-STS needs another https server just for the sake of mail security.

My proposal just changes that. Google is gonna name their MX servers with
the starttls- prefix. And now example.com can protect against MX record
spoofing via DNSSEC.

My point is, the signalling mechanism is handed over to third-party mail
providers like Google in DANE. My solution embeds the signalling mechanism
in the hostname. Thus Google doesn't have to evangelise MTA-STS to their
millions of customers.

Please correct me if I'm wrong with those statements.

On Sat, Jan 12, 2019 at 10:36 AM  wrote:

> On Sat, 12 Jan 2019 09:45:12 +0530, Viruthagiri Thirumavalavan said:
>
> > But I still want the future of email to adopt Implicit TLS. So someday we
> > can kill Opportunistic TLS. I already lost the case for security. So my
> > smtps part of the proposal not gonna fly. I'm just here to learn whether
> > Implicit TLS can offer anything better than Opportunistic TLS that's
> worth
> > wasting a port.
>
> Well, the summary on the ietf-smtp list was that the new port doesn't
> actually
> buy you anything unless you have DANE, and once you have DANE, the new port
> doesn't add anything.
>
> The conclusion is that we should be deploying DANE more rather than
> burning a
> port.
>
> Not sure why you expect to hear much differently from NANOG.
>


-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.


Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Viruthagiri Thirumavalavan
Hi Töma,

Those are valid points.

Thanks for the input.

On Sat, Jan 12, 2019 at 4:02 PM Töma Gavrichenkov  wrote:

> 12 Jan. 2019, 8:44 Viruthagiri Thirumavalavan :
> > Pros of introducing Implicit TLS:
> > + Falls under Best Practices
> > + Seems like it's what the world wants.
>
> None of the above is really a technical argument within standards process.
>
> The world wants emojis in domain names, so what?
>
> > + Sets an early date to deprecate Opportunistic TLS in the future.
>
> There's nothing bad in opportunistic TLS per se, and no reason to
> deprecate it. The real problem is the (absent) downgrade resistance: SMTP
> in cleartext is historically the default, and there's no tool to reliably
> advertise to *everyone* on the Internet that your particular SMTP server is
> not obsolete. Also, TOFU is similarly unreliable for that matter and too
> opaque for troubleshooting.
>
> None of the issues above are solved by adding yet another port to the
> already overblown e-mail port bundle.
>
> In fact, implicit TLS still has some advantages over the explicit version
> (e.g. 0-RTT) that you've missed, but they are of questionable profit for
> e-mail.
>
> --
> Töma
>


-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.


Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Viruthagiri Thirumavalavan
Hi Seth,

My solution is intended for clients. A client should decide whether to
transmit mails in clear text or not.

In other words, the server can accept mail in clear text. The prefix
informs the client that the server supports TLS.

A client that knows what the "starttls-" prefix stands for would detect a
downgrade attack if the STARTTLS command is not found in the EHLO response.

If I force the server to accept only TLS, then that's not backward
compatible.

Thanks

On Sat, Jan 12, 2019 at 9:24 PM Seth Mattinen  wrote:

> On 1/11/19 9:38 AM, Viruthagiri Thirumavalavan wrote:
> > Hello NANOG, Belated new year wishes.
> >
> > I would like to gather some feedback from you all.
> >
> > I'm trying to propose two things to the Internet Standard and it's
> > related to SMTP.
> >
> > (1) STARTTLS downgrade protection in a dead simple way
> >
> > (2) SMTPS (Implicit TLS) on a new port (26). This is totally optional.
>
>
> Why would anyone need this when you can just set an option in most (all
> modern?) SMTP servers to refuse clear connections if you want to force
> TLS at all times?
>


-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.
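The client-side decision rule sketched in the original proposal and restated in the reply to Seth above, as an added illustration that is not code from this thread or from Dombox: it maps the MX hostname prefix to a policy, parses a constructed EHLO reply, and reports whether a sending MTA following the proposal should proceed or drop the connection. The prefix strings, the port numbers and the "drop on missing STARTTLS or bad certificate" outcomes come from the proposal; the function names, the certificate check stub and the sample EHLO replies are assumptions constructed here.

```python
"""Client-side decision logic for the MX-hostname-prefix proposal in this thread.

Constructed illustration: function names and sample data are assumptions, not
the proposal author's code. As the thread notes, without DNSSEC the MX name
itself can be spoofed, so the policy derived here is only as trustworthy as
the MX lookup that produced the hostname.
"""
from dataclasses import dataclass
from typing import Optional, Set, Tuple

STARTTLS_PREFIX = "starttls-"   # port 25 MUST offer STARTTLS with a valid cert
SMTPS_PREFIX = "smtps-"         # port 26 implicit TLS preferred; port 25 MUST be TLS too
SMTP_PORT = 25
SMTPS_PORT = 26                 # the proposed implicit-TLS port


@dataclass(frozen=True)
class Policy:
    require_tls: bool             # drop the connection on missing STARTTLS / bad cert
    preferred_port: int           # 26 for "smtps-", otherwise 25
    fallback_port: Optional[int]  # 25 when 26 is preferred but not reachable


def policy_from_mx(mx_host: str) -> Policy:
    """Derive the delivery policy from the MX hostname prefix alone."""
    host = mx_host.rstrip(".").lower()
    if host.startswith(SMTPS_PREFIX):
        return Policy(require_tls=True, preferred_port=SMTPS_PORT, fallback_port=SMTP_PORT)
    if host.startswith(STARTTLS_PREFIX):
        return Policy(require_tls=True, preferred_port=SMTP_PORT, fallback_port=None)
    # No prefix: legacy MX, opportunistic TLS only (today's behaviour).
    return Policy(require_tls=False, preferred_port=SMTP_PORT, fallback_port=None)


def ehlo_keywords(ehlo_response: str) -> Set[str]:
    """Collect the EHLO keywords from a multi-line 250 reply (RFC 5321 layout)."""
    keywords = set()
    for line in ehlo_response.splitlines():
        # Continuation lines read "250-KEYWORD", the final line "250 KEYWORD".
        if not line.startswith("250") or len(line) < 5:
            continue
        rest = line[4:].strip()
        if rest:
            keywords.add(rest.split()[0].upper())
    return keywords


def decide(mx_host: str, port: int, ehlo_response: str, cert_valid: bool) -> Tuple[str, str]:
    """Return ("proceed" | "abort", reason) for one delivery attempt.

    ehlo_response is the server's EHLO reply on port 25 (ignored on port 26,
    where TLS is negotiated before any SMTP text). cert_valid stands in for
    the certificate validation result, stubbed as a boolean here.
    """
    policy = policy_from_mx(mx_host)
    if port == SMTPS_PORT:
        if policy.preferred_port != SMTPS_PORT:
            return ("abort", "port 26 was not signalled by the MX name")
        if not cert_valid:
            return ("abort", "invalid certificate on port 26")
        return ("proceed", "implicit TLS on port 26")
    if "STARTTLS" not in ehlo_keywords(ehlo_response):
        if policy.require_tls:
            # The prefix promised STARTTLS; its absence is the STRIPTLS signature.
            return ("abort", "STARTTLS missing from EHLO: possible downgrade")
        return ("proceed", "cleartext, no TLS signalled for this MX")
    if not cert_valid:
        if policy.require_tls:
            return ("abort", "invalid certificate on port 25")
        return ("proceed", "opportunistic TLS with an unverified certificate")
    return ("proceed", "STARTTLS with a valid certificate")


# Constructed sample EHLO replies (not captured from any real server).
EHLO_WITH_STARTTLS = "250-mx1.example.com\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME"
EHLO_STRIPPED = "250-mx1.example.com\r\n250-SIZE 35882577\r\n250 8BITMIME"

if __name__ == "__main__":
    for mx, port, ehlo, ok in [
        ("starttls-mx1.example.com", 25, EHLO_STRIPPED, True),
        ("mx1.example.com", 25, EHLO_STRIPPED, True),
        ("smtps-mx1.example.com", 26, "", True),
        ("smtps-mx1.example.com", 25, EHLO_WITH_STARTTLS, False),
    ]:
        print(mx, port, decide(mx, port, ehlo, ok))
```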


Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Viruthagiri Thirumavalavan
What makes you think I never did any research?

https://medium.com/@Viruthagiri/smtp-ports-25-vs-587-vs-465-de1046f57636

On Sat, Jan 12, 2019 at 10:10 PM James Downs  wrote:

> > On Jan 12, 2019, at 08:14, Viruthagiri Thirumavalavan 
> wrote:
>
> > My solution is intended for clients. A client should decide whether to
> transmit mails in clear text or not.
>
> You should spend some time doing research by reading RFCs, and doing a
> little searching on the internet. Your proposal would, canonically, be
> called SMTPS.
>
> If you put that into a search engine, you'll find not only is it
> deprecated, but has an assigned port number of 465.
>
> https://en.wikipedia.org/wiki/SMTPS
>
>

-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.


Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Viruthagiri Thirumavalavan
Hello Mr. Levine,

5 months back I posted my spam research on the DMARC list. You went
through only 50 words and judged my work. The whole thread went haywire
because of you. I was humiliated there and left.

Last week I posted in IETF list. To be very honest, I don't like you.
That's because you spent your time only on attacking me on DMARC list. I'm
happy to post the private mail screenshots if anyone wants that.

Although I don't like you, I still managed to respond politely in IETF
lists. Again... In that list the only thing you did was attacking my work.
I asked you to provide evidence to support your criticisms, but you never
did.

You called my work a fantasy, whereas guys in this thread say it has at
least some merit.

https://mailarchive.ietf.org/arch/msg/uta/CaMj7xkGpkDg6c3qKGlLjksG5do

To quote his words

> Sorry, but this is a fantasy.  SMTP routing still falls back to an A
> record if there's no MX and the DNS has been around for 30 years.  And
> your assumptions about what is hard and what is easy may be correct for
> your personal situation, but they are not true in general.
> Look at it this way -- if you can set up an STS server in less than a
> decade, you're ahead of the game.


This is what I responded for that.

-
Here is the problem with that part.  A records are the IE6 equivalent in the
SMTP world. These days everyone has moved to MX records. There are rare
cases where some mail servers still rely on A records.

My solution doesn't deal with A records. It's the client's decision whether
to use the MX record or the A record.

Let's just pretend my solution relies on A records; you are criticising my
work saying that 0.1% of people are not gonna upgrade to "MX Records". On
the other hand, you think 100% of the internet is gonna upgrade to a
completely new system, STS.

Isn't that irony?
-

These are some of his responses to my thread.

--

MTA-STS does a great deal of this.  It has a way for a domain to say
"all my inbound mail uses TLS" (RFC 8461) and for other systems to
report back and say whether they're actually seeing that (RFC 8460.)

I don't understand why people are trying to reinvent the wheel when we
just defined a fairly round one a few months ago.

https://mailarchive.ietf.org/arch/msg/uta/XVHBasNzVBTKbFE2EcLmI9fK324

-

We went through all of this when we invented MTA-STS.  We know that
setting up a web server can be non-trivial but for a lot of places,
it's far easier than getting DNSSEC to work.  I recall a dinner at the
Buenos Aires IETF where we were trying to figure out if there were a
reasonable way to signal stuff in the DNS.  Magic names certainly came
up.

I think it would be a good idea for anyone interested in this topic to
go back through the mailing list discussion and read the drafts and
explain what is different now that we didn't know when we defined
MTA-STS a few months ago.

https://mailarchive.ietf.org/arch/msg/uta/nmB53F9Hg9yfPXCXeXv248evYhM

-

John, you should know, I'm doing forum shopping here because of you. I
totally understand others tried to help me. But you are not.

You created this thread just to attack me. So this is the prime example of
you trying to silence my work. Most decent folks never do such a thing.

To everyone else, my solution is an EASY alternative to both DANE and
MTA-STS. John seems like he has a vested interest in MTA-STS.

Guys, feel free to take a look at our whole conversation in the uta ietf
list. And then please tell me this man is not biased at all. I'm happy to
terminate my proposal in that case.


Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Viruthagiri Thirumavalavan
I'm not sure why you are being angry here.

For the record, this conversation isn't about TLS on port 26. It's about
STARTTLS downgrade protection on port 25.

On Sun, Jan 13, 2019 at 3:33 AM Brian Kantor  wrote:

> From this point forward, all mail containing the phrase "TLS on
> port 26" in the Subject line will be shunted into my junk mail box,
> unread, because I do not wish to see any more correspondence on
> this matter.
>
> 'procmail' is my friend.
> - Brian
>
>
> On Sun, Jan 13, 2019 at 03:20:26AM +0530, Viruthagiri Thirumavalavan wrote:
> > Hello Mr. Levine,
> >   [...]
>


-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.


Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Viruthagiri Thirumavalavan
>
> Go and check how many of these match. Then ask yourself why you might
> be getting a poor reception on lists composed of people who do this stuff
> for a living.


Hello Mr. Kletnieks,

I have no problem when people criticise my work. I even dropped the idea
of port 26 because people like you showed me why it's bad.

As for port 25 downgrade proposal, I'm happy to walk away if it is really
flawed. But I can't walk away when biased people attack me to protect their
interests. Remember, I posted in ietf-smtp to put a disclaimer when there
is a "conflict of interest" when responding to my messages? I was talking
about John and DANE author after seeing their messages in my uta thread.

> No matter how much time you might have spent, repeating a bad idea over
> and over and over again will not turn it into a good idea.


If you are biased, how can I know it's a bad idea? Are you gonna say you
are not biased when criticising my work? I just proved you are biased.

> The people on the IETF lists, particularly Ned Freed, and John Klensin,
> know more about mail than anyone in the world.  If they don't like your
> idea, you should pay attention.


I interacted with Mr. Klensin in the ietf-smtp forum. More than knowing
things, he seems like a man who respects others' work.

This is what he said

> Especially if you are new, please interpret my response (and
> those of several others) as "we aren't convinced about your
> idea" or "we think there are better alternatives", not as "your
> proposal is bad and will cause problems".   I'd like to see a
> lot more discussion before the latter conclusion is reached
> although I'd encourage you to read the comments carefully and
> see if they suggest ways to improve the proposal.  I believe
> that it is very important that new ideas to which long-time
> participants have initial negative reasons get careful
> consideration and every reasonable chance to succeed before they
> are dismissed.


I have improved my solution based on feedback I received. I dropped my port
26 proposal and am concentrating only on port 25.

How can I get feedback from others, if you are gonna post anti-messages
about my work?


Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Viruthagiri Thirumavalavan
I don't know why you are all trying to defend a man who tries to silence my work.

Are you saying this thread is necessary?

On Sun, Jan 13, 2019 at 4:46 AM Töma Gavrichenkov  wrote:

> On Sun, Jan 13, 2019 at 12:51 AM Viruthagiri Thirumavalavan
>  wrote:
> > 5 months back I posted my spam research on DMARC list.
> > You have gone through only 50 words and judged my work.
> > The whole thread gone haywire because of you. I was
> > humiliated there and left.
>
> By the way, since that you've left no traces of whatever piece of work
> you've posted to that list. The website is empty, slides are removed
> from Speakerdeck, etc.
>
> In theory, I can easily recall a few cases in my life when going
> through just 50 words was quite enough for a judgment.
>
> > To be very honest, I don't like you.
>
> Please keep our busy mailing list out of this information, though for
> me it's a valuable piece of data that someone I don't know personally
> doesn't like someone else.
>
> > Although I don't like you, I still managed to respond politely in
> > IETF lists. Again... In that list the only thing you did was
> > attacking my work.
>
> So, I've read the whole thread, and, as far as I can see, there was
> nothing coming from John except for a balanced judgement.
>
> > And then please tell me this man is not biased at all.
>
> Sorry, he's not.
>
> --
> Töma
>


-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.


Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Viruthagiri Thirumavalavan
>
> By the way, since that you've left no traces of whatever piece of work
> you've posted to that list. The website is empty, slides are removed
> from Speakerdeck, etc.
> In theory, I can easily recall a few cases in my life when going
> through just 50 words was quite enough for a judgment.


> Yes, 50 words are more than enough to decide a bad idea is bad.  You don't
> have to like that, or like any of us, but facts are facts


Guys, I can't disclose my work at this point. But I'm happy to
publish my work again next month.  In the meantime, I have no issues if you
all think my work is bad.

But if you all think, my work has some novelty and this man made the wrong
choice, be sure to tell that too.



-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.


Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Viruthagiri Thirumavalavan
Yes please, Thanks Mr. Cummings

On Sun, Jan 13, 2019 at 4:56 AM Cummings, Chris  wrote:

> Can we please have a mod step in and shut this thread down? Any
> conversation of value is long gone.
>
> /Chris
>

-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.


Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Viruthagiri Thirumavalavan
Ok guys, let's stop the discussion on this thread.

On Sun, Jan 13, 2019 at 5:00 AM Ross Tajvar  wrote:

> Viruthagiri,
>
> You are being too defensive. You've made this discussion about whether or
> not someone is attacking you, rather than the merit of your idea. It is not
> about networking or mail anymore. Please end the conversation here.
>
> -Ross
>
> On Sat, Jan 12, 2019 at 6:26 PM Viruthagiri Thirumavalavan <
> g...@dombox.org> wrote:
>
>> I don't know why you are all trying to defend a man who tries to silence
>> my work.
>>
>> Are you saying this thread is necessary?
>>
>> On Sun, Jan 13, 2019 at 4:46 AM Töma Gavrichenkov 
>> wrote:
>>
>>> On Sun, Jan 13, 2019 at 12:51 AM Viruthagiri Thirumavalavan
>>>  wrote:
>>> > 5 months back I posted my spam research on DMARC list.
>>> > You have gone through only 50 words and judged my work.
>>> > The whole thread went haywire because of you. I was
>>> > humiliated there and left.
>>>
>>> By the way, since then you've left no traces of whatever piece of work
>>> you've posted to that list. The website is empty, slides are removed
>>> from Speakerdeck, etc.
>>>
>>> In theory, I can easily recall a few cases in my life when going
>>> through just 50 words was quite enough for a judgment.
>>>
>>> > To be very honest, I don't like you.
>>>
>>> Please keep our busy mailing list out of this information, though for
>>> me it's a valuable piece of data that someone I don't know personally
>>> doesn't like someone else.
>>>
>>> > Although I don't like you, I still managed to respond politely in
>>> > IETF lists. Again... In that list the only thing you did was
>>> > attacking my work.
>>>
>>> So, I've read the whole thread, and, as far as I can see, there was
>>> nothing coming from John except for a balanced judgement.
>>>
>>> > And then please tell me this man is not biased at all.
>>>
>>> Sorry, he's not.
>>>
>>> --
>>> Töma
>>>
>>
>>
>> --
>> Best Regards,
>>
>> Viruthagiri Thirumavalavan
>> Dombox, Inc.
>>
>

-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.


Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Viruthagiri Thirumavalavan
> You'd probably do the world a favor if you spent that month instead
> finding mail software that does quoting and attribution correctly. You've
> made several posts that quoted me, and then quoted others in such a way
> that it looked like I said it.


Oh, I'm sorry about that. I'll pay attention next time.

> Note that there are far more bad ideas than good ones, and sheer novelty
> doesn't mean an idea is good.


Ok


Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Viruthagiri Thirumavalavan
Jason, your comment is one of the best I have seen in this thread.

Thanks for the input and being neutral.


Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Viruthagiri Thirumavalavan
Hello Owen,

Thanks for the input.

This thread is not about my SMTPS proposal anymore. I'm already convinced
that's not gonna work, since I couldn't find any strong advantages over
Opportunistic TLS.

But I'm still open to suggestions for my "starttls-" prefix proposal. It's
just trying to prevent STARTTLS downgrade issues in a very simple way.

However, people are against that proposal too because of IDN and A record
fallback issues. I tested IDN
<https://gist.github.com/mistergiri/a4c9a5f1c26fd7003ebc0652af95d314#internationalized-domain-names>
and couldn't find any issues.

As for A records, if this proposal must support them too for the MX fallback
mechanism, then I don't think this proposal is gonna work.

To answer your question:

> How would (2) be different from the previous SMTPS port 465 which was
> deprecated?

Port 465 was reintroduced in 2018 as a submission port in RFC 8314. Port 465
was never used for relay as far as I know. My SMTPS proposal is all about
relay. I have done some research about the ports. If you want, please take a
look here
<https://medium.com/@Viruthagiri/smtp-ports-25-vs-587-vs-465-de1046f57636>.

Thanks

On Sun, Jan 13, 2019 at 9:45 AM Owen DeLong  wrote:

>
>
> On Jan 11, 2019, at 09:38 , Viruthagiri Thirumavalavan 
> wrote:
>
> Hello NANOG, Belated new year wishes.
>
> I would like to gather some feedback from you all.
>
> I'm trying to propose two things to the Internet Standard and it's related
> to SMTP.
>
> (1) STARTTLS downgrade protection in a dead simple way
>
> (2) SMTPS (Implicit TLS) on a new port (26). This is totally optional.
>
>
> How would (2) be different from the previous SMTPS port 465 which was
> deprecated?
>
> Don't take this in the wrong way. We do have "Implicit TLS" for "SMTP
> Submission" on port 465. But we don't have a secure port 25 alternative.
> i.e. The real SMTPS
>
>
> https://www.mailgun.com/blog/which-smtp-port-understanding-ports-25-465-587
>
> Seems to agree with my recollection that 465 was never specifically for
> submission and that it was deprecated shortly after the introduction of
> STARTTLS.
>
> Both MTA-STS and MTA-DANE try to fix the STARTTLS downgrade issue.
> However, the implementation is not simple. The former requires an HTTPS
> server and the latter requires DNSSEC to even get started.
>
> This proposal fixes the STARTTLS downgrade issue and proposes a new port 26,
> an "Implicit TLS" alternative for port 25, and recommends the MX server to
> signal the port via a prefix.
>
>
> As a general rule, I think separate ports for TLS-ified versions of
> existing protocols isn’t the right solution and simply wastes ports.
>
> Thinking this through, I don’t think you actually solve the existing
> problem, either.
>
> A client wanting to use your new port 26 would need to fall back to port
> 25 by default if the MTA at the other end didn’t support port 26. As I see
> it, there are the following remote MTA possibilities (ignoring submission
> on 587 and ignoring any possible legacy implementation on 465 for now):
>
> 1. Remote MTA supports port 26 and STARTTLS on port 25.
> 2. Remote MTA supports only port 25 with STARTTLS
> 3. Remote MTA supports only port 25 in clear text
>
> So long as the client will fall back to port 25, you have an identical
> vulnerability to man in the middle attack in all 3 cases:
>
> 1. If port 26 is attempted, send back a TCP RST or ICMP port unreachable
> message in response to the connection attempt on port 26.
> 2. Conventional STARTTLS Downgrade attack.
>
> If you have some way to remove the need for fallback to port 25, then you
> can in all of those instances simply remove the willingness to communicate
> with an MTA server that does not offer STARTTLS as part of the negotiable
> option set in response to the EHLO, thus eliminating the acceptance of a
> downgrade attack.
>
>
> This proposal offers two ways.
>
> (1) STARTTLS Prefix
>
> Use this prefix only to deal with STARTTLS downgrade issue.
>
> e.g. mx1.example.com should be prefixed like starttls-mx1.example.com.
>
> Where "starttls-" says "Our port 25 supports Opportunistic TLS. So if the
> STARTTLS command is not found in the EHLO response or the certificate is
> invalid, then drop the connection".
>
>
> (2) SMTPS Prefix
>
> Use this prefix if you wanna support Implicit TLS on port 26 and
> Opportunistic TLS on port 25.
>
> e.g. mx1.example.com should be prefixed like smtps-mx1.example.com.
>
> Where "smtps-" says "We prefer if you connect to our SMTPS in port 26. But
> we also accept mails in port 25. And our port 25 supports Opportunistic
> TLS. So if STARTTLS comman
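The fallback problem Owen raises above, worked through as an added example (not code from the proposal, from any MTA, or from the original post): a Python sketch of the decision a sending MTA would make under the "starttls-" and "smtps-" prefix semantics exactly as the thread states them. The EHLO replies are constructed, the TCP connect is replaced by a dictionary, and the MX name is assumed to have been obtained over DNSSEC-validated DNS, since otherwise the prefix itself can be rewritten in transit.

```python
"""Client-side policy for the "starttls-" and "smtps-" MX-name prefixes.

Added example, not code from the proposal or from any MTA. It implements
the prefix semantics as stated in the thread, uses constructed EHLO replies
instead of a network connection, and assumes the MX name came back over
DNSSEC-validated DNS (the thread notes the prefix can be rewritten otherwise).
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Policy(Enum):
    OPPORTUNISTIC = "opportunistic"          # no prefix: today's behaviour
    REQUIRE_STARTTLS = "require-starttls"    # "starttls-" prefix
    PREFER_IMPLICIT = "prefer-implicit-26"   # "smtps-" prefix


@dataclass(frozen=True)
class Plan:
    policy: Policy
    ports: tuple[int, ...]   # ports to try, in order
    tls_mandatory: bool      # drop the session if STARTTLS is not offered


def policy_for_mx(mx_host: str) -> Policy:
    """Derive the policy from the first label of the MX host name."""
    first_label = mx_host.rstrip(".").split(".")[0].lower()
    if first_label.startswith("smtps-"):
        return Policy.PREFER_IMPLICIT
    if first_label.startswith("starttls-"):
        return Policy.REQUIRE_STARTTLS
    return Policy.OPPORTUNISTIC


def plan_for_mx(mx_host: str) -> Plan:
    """Map the policy to a port order and to whether TLS is mandatory."""
    policy = policy_for_mx(mx_host)
    if policy is Policy.PREFER_IMPLICIT:
        # "smtps-" promises implicit TLS on 26 AND STARTTLS on 25, so a
        # fallback to 25 (e.g. after a RST on 26) is still held to STARTTLS.
        return Plan(policy, (26, 25), True)
    if policy is Policy.REQUIRE_STARTTLS:
        return Plan(policy, (25,), True)
    return Plan(policy, (25,), False)


def ehlo_keywords(ehlo_reply: str) -> set[str]:
    """Return the EHLO keywords from a multi-line 250 reply (RFC 5321 4.1.1.1).

    The first 250 line carries the server's domain and greeting, not a
    keyword, so it is skipped.
    """
    keywords: set[str] = set()
    first = True
    for line in ehlo_reply.splitlines():
        if not line.startswith("250"):
            continue
        if first:
            first = False
            continue
        body = line[4:].strip()      # text after "250-" or "250 "
        if body:
            keywords.add(body.split()[0].upper())
    return keywords


def accept_session(mx_host: str, reachable: dict[int, bool],
                   ehlo_reply: str) -> tuple[bool, int, str]:
    """Decide whether delivery may proceed to this MX.

    reachable maps port -> whether the TCP connect succeeded (a constructed
    stand-in for the real connect). Returns (proceed, port_used, reason).
    """
    plan = plan_for_mx(mx_host)
    port = next((p for p in plan.ports if reachable.get(p)), None)
    if port is None:
        return False, 0, "no listed port reachable; try the next MX"
    if port == 26:
        # Implicit TLS: the handshake precedes any SMTP command, so there is
        # no STARTTLS keyword to look for on this path.
        return True, 26, "implicit TLS on port 26"
    if "STARTTLS" in ehlo_keywords(ehlo_reply):
        return True, port, "STARTTLS offered; upgrade before MAIL FROM"
    if plan.tls_mandatory:
        return False, port, "STARTTLS missing although the MX name promised it: drop"
    return True, port, "cleartext: no signal to enforce, opportunistic policy"


# Constructed EHLO replies: one as a TLS-capable server sends it, one with
# the STARTTLS line missing, which is what a downgrade leaves the client with.
EHLO_WITH_TLS = ("250-mx1.example.com Hello\r\n250-SIZE 52428800\r\n"
                 "250-STARTTLS\r\n250 PIPELINING\r\n")
EHLO_STRIPPED = "250-mx1.example.com Hello\r\n250-SIZE 52428800\r\n250 PIPELINING\r\n"

if __name__ == "__main__":
    for host, ports in [("mx1.example.com", {25: True}),
                        ("starttls-mx1.example.com", {25: True}),
                        ("smtps-mx1.example.com", {26: False, 25: True}),
                        ("smtps-mx1.example.com", {26: True, 25: True})]:
        print(host, ports, "->", accept_session(host, ports, EHLO_STRIPPED))
```

With a prefixed name, the combination Owen describes (port 26 refused, then the STARTTLS keyword absent on port 25) is rejected at the fallback step rather than accepted. For an unprefixed name the client still cannot distinguish his case 2 from case 3, which is exactly the gap a signal such as this prefix, MTA-STS or DANE exists to close.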

Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-13 Thread Viruthagiri Thirumavalavan
> If you are using DNS Records to prevent downgrades anyways, then there
> should be no need nor valid justification for using an extra port number;
> the client SMTP sender can be required to inspect the DNS Record and find
> in the record a signal that TLS is mandatory, and the smtp client must not
> proceed past EHLO other than to STARTTLS immediately.

Yes, that's what I meant in my proposal too.

> For example, I may very well have a host named "starttls-mx1.example.com"
> today, based on current standards, which is not used solely for TLS SMTP,
> or it might not even support TLS SMTP --- Significance cannot be added to
> strings in the DNS that did not exist in the original standard, due to
> potential conflicts with existing implementations.


Ok. That makes sense.

> The DANE Facilities and other IETF drafts address this much more adequately.
> See RFC8461 -- https://tools.ietf.org/html/rfc8461
> RFC 8461 seems to solve the same problem and does a better job.

This proposal is just trying to do the job more simply.

Let me copy-paste some parts I posted in the ietf-smtp forum.



DNSSEC already protects my DNS records from spoofing. So I believe all my
DNS records are secure when I enable DNSSEC.

My domain is dombox.org and if I have mx records like

mx1.dombox.org
mx2.dombox.org
mx3.dombox.org
mx4.dombox.org
mx5.dombox.org

then those MX records are already protected from forgery since I have now
enabled DNSSEC.

Now I need to add DANE TLSA record to let the world know that my port 25
supports STARTTLS. So clients can detect downgrade issues.

The TLSA records look like this.

_25._tcp.mx1.dombox.org. IN TLSA 3 0 1
ae822a14fd5e56c213eeeb5d676980caf4c3f2531c1ec8eca3076f9b7e68
_25._tcp.mx2.dombox.org. IN TLSA 3 0 1
ae822a14fd5e56c213eeeb5d676980caf4c3f2531c1ec8eca3076f9b7e68
_25._tcp.mx3.dombox.org. IN TLSA 3 0 1
ae822a14fd5e56c213eeeb5d676980caf4c3f2531c1ec8eca3076f9b7e68
_25._tcp.mx4.dombox.org. IN TLSA 3 0 1
ae822a14fd5e56c213eeeb5d676980caf4c3f2531c1ec8eca3076f9b7e68
_25._tcp.mx5.dombox.org. IN TLSA 3 0 1
ae822a14fd5e56c213eeeb5d676980caf4c3f2531c1ec8eca3076f9b7e68

I think we can simplify that part via a CNAME record. But, let's not go
there.

Now my first question is, does that "fingerprint" add any security in a
"Third party CA" system? Or is it there just to be compatible with the DANE
system, since DANE is not a mail-specific system?

My second question: if my MX records are configured to use Google MX
servers (e.g. aspmx.l.google.com), whose job is it to configure those DANE
TLSA records?

Google or me?

I believe it's not my job. Because there is no easy way I can have the Google
MX server certificate fingerprint unless Google provides it. Even if they
provide it, if Google changes their certificate for security reasons in the
future, then that's gonna break millions of domains that depend on Google
mail servers. So that would be a poor design.

If I'm not wrong, Google is against DNSSEC. So there is no way they are
gonna configure DANE records like this.

_25._tcp.aspmx.l.google.com. IN TLSA 3 0 1
ae822a14fd5e56c213eeeb5d676980caf4c3f2531c1ec8eca3076f9b7e68
_25._tcp.alt1.aspmx.l.google.com. IN TLSA 3 0 1
ae822a14fd5e56c213eeeb5d676980caf4c3f2531c1ec8eca3076f9b7e68
_25._tcp.alt2.aspmx.l.google.com. IN TLSA 3 0 1
ae822a14fd5e56c213eeeb5d676980caf4c3f2531c1ec8eca3076f9b7e68
_25._tcp.alt3.aspmx.l.google.com. IN TLSA 3 0 1
ae822a14fd5e56c213eeeb5d676980caf4c3f2531c1ec8eca3076f9b7e68
_25._tcp.alt4.aspmx.l.google.com. IN TLSA 3 0 1
ae822a14fd5e56c213eeeb5d676980caf4c3f2531c1ec8eca3076f9b7e68

Hopefully, that is one of the reasons why MTA-STS got introduced.

Even if I love DNSSEC and support it in my domain, Google sets the rules
here since I'm relying on their mail hosting. I have no other way other
than supporting MTA-STS, since Google is against DNSSEC.

--

> You could equally suggest an SMTP Banner Pattern for such a feature;
> instead of trying to overload the meaning of some DNS label substring.
> 220 smtp.example.com "Welcome to the example.com SMTP Server"
> strict-tls=*.example.com; max-age=604800; includeSubDomains

It's still vulnerable to MiTM attack, right?

> Rewrites the MX response to DNS queries if the record begins with
> "smtps-XXX" to "-XXX" with the same IP addresses in the additional section
> and caches the A response for the generated hostnames.

My solution is vulnerable to MiTM without DNSSEC. I guess I should update
my proposal saying DNSSEC is mandatory. But if you believe the prefix
solution itself is flawed, then what's the point.

Thanks for the input. Those are all very helpful comments.

On Sun, Jan 13, 2019 at 11:36 PM Jimmy Hess  wrote:

> On Fri, Jan 11, 2019 at 6:23 PM Viruthagiri Thirumavalavan
>  wrote:
>
> > I'm 
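The TLSA records quoted in the message above, worked through as an added example (not code from the thread, from any DANE implementation, or from the original post): a Python check of a presented MX certificate against a "3 0 1" record, together with the publishing side that produces such a record. It follows the RFC 6698 field layout and owner-name form (`_25._tcp.<host>`), uses constructed byte strings where a real MTA would use the DER certificate from the TLS handshake and its SubjectPublicKeyInfo, does no DNS lookups, and leaves DNSSEC validation, on which the record's authenticity rests, out of scope. For usage 3 (DANE-EE) the digest comparison shown is the whole matching step; usages 0 to 2 additionally involve PKIX chain checks that are not shown.

```python
"""Matching a presented MX certificate against a DANE TLSA record.

Added example, not code from the thread or from any DANE library. It
follows the TLSA field layout of RFC 6698 (usage, selector, matching type,
association data) and uses constructed byte strings where a real MTA would
use the DER certificate from the TLS handshake and its SubjectPublicKeyInfo.
It does no DNS lookups; the record's authenticity rests on DNSSEC, which
is outside this example.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass

# Selector: which part of the certificate the record describes.
FULL_CERT, SPKI = 0, 1
# Matching type: how that part is represented in the record.
EXACT, SHA256, SHA512 = 0, 1, 2
# Usage 3 (DANE-EE): the record names the end-entity certificate itself.
# Usages 0-2 additionally involve PKIX chain building, not done here.
DANE_EE = 3

_DIGEST_LEN = {SHA256: 32, SHA512: 64}


@dataclass(frozen=True)
class TLSA:
    usage: int
    selector: int
    matching_type: int
    data: bytes


def tlsa_owner(host: str, port: int = 25, proto: str = "tcp") -> str:
    """Owner name of the record: RFC 6698 uses _<port>._<proto>.<host>."""
    return f"_{port}._{proto}.{host.rstrip('.')}."


def validate(rec: TLSA) -> None:
    """Reject field values the RFC does not define and digests of wrong size."""
    if rec.usage not in (0, 1, 2, 3) or rec.selector not in (FULL_CERT, SPKI):
        raise ValueError("unknown usage or selector")
    if rec.matching_type not in (EXACT, SHA256, SHA512):
        raise ValueError("unknown matching type")
    want = _DIGEST_LEN.get(rec.matching_type)
    if want is not None and len(rec.data) != want:
        raise ValueError(f"matching type {rec.matching_type} needs {want} bytes, "
                         f"got {len(rec.data)}")


def parse_tlsa(zone_line: str) -> tuple[str, TLSA]:
    """Parse 'owner [ttl] IN TLSA usage selector mtype hex...' (hex may wrap)."""
    parts = zone_line.split()
    if "TLSA" not in parts:
        raise ValueError("not a TLSA record")
    i = parts.index("TLSA")
    usage, selector, mtype = (int(x) for x in parts[i + 1:i + 4])
    rec = TLSA(usage, selector, mtype, bytes.fromhex("".join(parts[i + 4:])))
    validate(rec)
    return parts[0], rec


def association_data(rec: TLSA, cert_der: bytes, spki_der: bytes) -> bytes:
    """Derive what the record's data field must hold for this certificate."""
    selected = cert_der if rec.selector == FULL_CERT else spki_der
    if rec.matching_type == EXACT:
        return selected
    if rec.matching_type == SHA256:
        return hashlib.sha256(selected).digest()
    return hashlib.sha512(selected).digest()


def tlsa_matches(rec: TLSA, cert_der: bytes, spki_der: bytes) -> bool:
    """True when the certificate presented in the handshake is the one published."""
    return hmac.compare_digest(association_data(rec, cert_der, spki_der), rec.data)


def publish_line(host: str, cert_der: bytes, spki_der: bytes,
                 selector: int = FULL_CERT, mtype: int = SHA256) -> str:
    """The zone line a domain owner publishes for its own MX (usage 3)."""
    rec = TLSA(DANE_EE, selector, mtype, b"")
    data = association_data(rec, cert_der, spki_der)
    return f"{tlsa_owner(host)} IN TLSA {DANE_EE} {selector} {mtype} {data.hex()}"


def is_well_formed(zone_line: str) -> bool:
    """Publisher-side sanity check: does the line parse and validate?"""
    try:
        parse_tlsa(zone_line)
        return True
    except ValueError:
        return False


# Constructed stand-ins, not real DER. A real check hashes the bytes the
# peer sent in the TLS Certificate message.
CERT_DER = b"\x30\x82\x01\x00" + b"mx1.dombox.org cert".ljust(256, b"\x00")
SPKI_DER = b"\x30\x59" + b"mx1.dombox.org spki".ljust(89, b"\x00")
OTHER_CERT_DER = b"\x30\x82\x01\x00" + b"some other cert".ljust(256, b"\x00")

if __name__ == "__main__":
    line = publish_line("mx1.dombox.org", CERT_DER, SPKI_DER)
    owner, rec = parse_tlsa(line)
    print(line)
    print("own cert matches:", tlsa_matches(rec, CERT_DER, SPKI_DER))
    print("other cert matches:", tlsa_matches(rec, OTHER_CERT_DER, SPKI_DER))
```

A matching type of 1 means a SHA-256 digest, so the data field must be exactly 64 hex digits; the validator therefore rejects the 60-digit values in the sample records above, which is the kind of slip a publisher wants to catch before the record goes live. On the second question in the message: the record lives under the MX host's own name (`_25._tcp.<mx-host>`), so for a hosted MX it is the operator of that host, not the domain pointing at it, who has to publish the record and roll it with the certificate; selector 1 (SPKI) lets the certificate be reissued without touching the record as long as the key stays the same.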

Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-14 Thread Viruthagiri Thirumavalavan
Because I saw support from people like Alessandro Vesely for my proposal.

https://mailarchive.ietf.org/arch/msg/ietf-smtp/pSb216OGLuTe31yUzAXtqD2haAo

Then it hit me. Maybe more people like him are interested in SMTPS too. So I
did some research and posted this comment.

https://mailarchive.ietf.org/arch/msg/ietf-smtp/apZ8nBnGpv1aXlFUtbcTjGipA8Q

When I opened this thread, I just wanted to make sure we are all on the same
page. I think I even mentioned what IETF thinks when I created this thread,
and asked "I would love to know where you stand on this proposal."

So I opened this thread just to collect some feedback.

On Mon, Jan 14, 2019 at 8:45 PM Doug Royer  wrote:

> On 1/11/19 10:38 AM, Viruthagiri Thirumavalavan wrote:
> > Hello NANOG, Belated new year wishes.
> >
> > I would like to gather some feedback from you all.
> >
> > I'm trying to propose two things to the Internet Standard and it's
> > related to SMTP.
>
> Your post to this list was (according to the headers):
>  11 Jan 2019 23:08:21 +0530
>
> Yet on the IETF-smtp mailing list at:
>  Wed, 9 Jan 2019 12:29:43 +0530
>
> *You* wrote (in part):
>I'm the guy who proposed SMTP Over TLS on Port 26. Looks like that was
>dead end. So, now coming with another proposal.
>
> Question: Why did you post something on NANOG that you already declared
> to the IETF yourself as a "dead end" 2 days earlier? I read all of the
> IETF emails on this idea. They explained why it is currently a
> non-starter as proposed.
>
> --
>
> Doug Royer - (http://DougRoyer.US  http://goo.gl/yrxJTu )
> douglasro...@gmail.com
> 714-989-6135
>
>

-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.


Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-14 Thread Viruthagiri Thirumavalavan
For the record, I dropped both proposals. I'm working on my personal
projects now. Let's not annoy others by discussing this anymore.

I wanted to bring Implicit TLS to SMTP. So I had a good intention when I
opened this thread. But things went a little crazy due to another thread of
mine.

Many of you gave me your valuable feedback. So I'm convinced now. I really
thank you all for the time.

Have a nice day.


A Zero Spam Mail System [Feedback Request]

2019-02-17 Thread Viruthagiri Thirumavalavan
Hello Everyone,

My name is Viruthagiri Thirumavalavan. I'm the guy who proposed SMTP over
TLS on Port 26
<https://web.archive.org/web/20190218001439/https://lists.gt.net/nanog/users/202185>
last month. I'm also the guy who attacked (???) John Levine.

Today I have something to show you.

Long story short, I solved the email spam problem. Well... Actually I
solved it a long time back. I'm just ready to disclose it today. Again...

Yeah.. Yeah.. Yeah... If only I had a dime for every time people insult me
for saying "I solved the spam problem"

They usually start with an insult like "You think you are the inventor of
FUSSP?"

These guys are always the know-it-all assholes. They don't listen. They
don't want to listen. They are like barking dogs. If one starts to bark,
everyone else gets the courage to do the same thing.

I'm tired of fighting these assholes in every mailing list.  I'm on your
side morons. So how about you all knock it off?

Six months back, it was John Levine who humiliated me in the DMARC list.
Apparently, for him 50 words are enough to attack me.

Töma Gavrichenkov and Suresh Ramasubramanian even started to defend this
man saying 50 words are enough to judge a 50,000-word paper. [We are
gonna figure it out today]

--

@Töma Gavrichenkov

> In theory, I can easily recall a few cases in my life when going
> through just 50 words was quite enough for a judgment.

How can you be so sure that you didn't fuck up any of the lives of these
"few cases"? Or in more technical terms, how can you be absolutely sure
that there are no "False Positives"?

--

@Suresh Ramasubramanian

> Yes, 50 words are more than enough to decide a bad idea is bad. You don't
> have to like that, or like any of us, but facts are facts

Merely appending the text "facts are facts" is not gonna convert a bullshit
statement into a fact.

You know what the meaning of the word "fact" is? It's a statement that can
be proved TRUE.

Let's do a little experiment. 100 researchers present their lifetime work
to us. Each of their research papers contains 50,000 words. We are gonna
judge them.

You are gonna judge them based on only the first 50 words. And I'm gonna
judge them by tossing a coin. Can you guess who is gonna fuck up fewer
researchers' lives?

I'm claiming that I solved the email spam problem. If that's true, then you
should know common sense is one of the very basic requirements for that.

I designed my email system. Every inch of it. I wrote my research paper.
Every word of it. I made my prototype video. Every second of it. So I'm the
captain of my ship. Not you. But you all think you know my system better
than me? That too, with only 50 words?

My research paper has around 50,000 words. And you think 50 words are
enough to judge my work? Let me make sure I get this right. You are all
saying, you know what's in the rest of the 49,950 words based on only the
first 50 words? That's stupid on so many levels.

If you are gonna do a half-assed job and relay that misinformation to
thousands of people, why volunteer in the first place? And by the way, by
saying you are all doing a half-assed job, I'm actually insulting the people
who are REALLY doing a half-assed job.

--

John Levine vs. me

One month back, some of you may have noticed a thread created by John Levine
<https://web.archive.org/web/20190218001726/https://lists.gt.net/nanog/users/202213>
where he goes like "He's Forum Shopping". The whole gist of that message
was "We already have DANE and MTA-STS. We don't need a third solution". And
then I used some harsh words to defend myself. But that was Season 2 of his
"Shitshow". Season 1 was aired 6 months back. You all missed that show.
This is what happened in Season 1.


1. Six months back, I posted on three mailing lists saying "I solved the
   email spam problem" and asked them to provide feedback on my invention.
   Those three mailing lists were SPF, DKIM and DMARC. That's because my
   solution relied on them and those three were the only email related mailing
   lists I knew at that time.
2. In the DMARC community, John Levine started to insult me after reading
   only the first 50 words.
3. Dave Crocker joined the cast and did a flawless job of abusing me. He
   asked me to kill my project. I told him he is being rude. And this is what
   he replied to that <https://www.dombox.org/nanog/dave.png>. He is one
   of the most radical and ignorant people I have seen in tech. He didn't even
   stop for a moment and think "Am I attacking an innocent person?". He even
   went to other mailing lists to attack me. He abused all his power and kept
   on attacking me jus

Re: A Zero Spam Mail System [Feedback Request]

2019-02-17 Thread Viruthagiri Thirumavalavan
Just gone through all your replies.

Literally everyone is attacking me here. Could you tell me why? Because I
have been rude to John Levine, right? So you all think you have the right to
give me "mob justice". But as an innocent man I have to suffer all John
Levine's attacks because he is a most valued member of NANOG. Is that what
you are all saying?

There is only one regret I have in this situation. I shouldn't have been
rude with Töma Gavrichenkov and Suresh Ramasubramanian. That's because they
didn't know what happened between John and me 6 months back. Most probably
they would never have behaved with me in the way John behaved. I wasn't
paying attention to that part. When I noticed the words "50 words", I
thought they were mocking me too.

-
@Töma Gavrichenkov and Suresh Ramasubramanian

I don't think I can go back and correct my mistakes. But trust me, I do
regret my words. I'm really sorry for being rude with you two. Take
this as my sincerest apology. You two deserve that.
-

@Everyone

It sucks when you sit on the "humiliation" chair when the mistake is not
yours. I'm a farmer's son from a third world country, yet trying to
contribute to this world in the way I can.

Asking for feedback is not a mistake. But I have been attacked in multiple
lists for that. This is the only thread where I was rude and cocky.

What, you all think I spend my time only attacking others? Have you ever
noticed my other threads? I usually give respect to everyone. But I can't
give respect to people who don't care about others' feelings. What, you all
think I'm a heartless man?

One guy was attacking me for my poor English skills. Excuse me for not
being poetic in my paper. I studied in my local language. English was an
alien language to me. I started to learn "English" only in my early
twenties. I just turned 30. This is what I picked up in the past 10 years.

Just because the ball is in your court doesn't mean you all can throw it at
me in any way you can. I explained what happened between John Levine and me
in my original post. That's because I don't want this man to go and create
another thread to attack me or meddle in my efforts.

I'm a guy who spends day and night working on things I believe in. I'm
definitely not gonna turn into a Mark Zuckerberg. But I'm gonna make a
difference to this world one way or another.

None of you ever completed my paper. Most probably you have no idea what's in
it. But you all think you have the right to attack me because I was rude
with John? This is an engineering community. Don't convert it into a
"Prison Brotherhood" where the new guy always has to bend over.


Re: A Zero Spam Mail System [Feedback Request]

2019-02-18 Thread Viruthagiri Thirumavalavan
Thanks James for the feedback.

I created that Medium post for a non-technical audience. But yes, your
feedback is quite valid. I just removed plenty of content from the blog
post.

You don't need a throw-away email account in my system.

> If I had to create an entry for each domain I wanted to receive mail from
> I'd pull my eyes out with frustration.

You would do this only for the unique domains, just like you do in a
"Password Manager". For example, you would create a box for nanog.

We deal with "spammers" only in the "injection" phase. If you have not read
until the part where it says "Hot Gates Strategy", then it's really hard to
connect the dots.

Thanks

On Mon, Feb 18, 2019 at 2:21 PM James Bensley  wrote:

>
>
> On 18 February 2019 06:58:21 GMT, Viruthagiri Thirumavalavan <
> g...@dombox.org> wrote:
> >Just gone through all your replies.
> >
> >Literally everyone is attacking me here. Could you tell me why? Because I
> >have been rude to John Levine, right? So you all think you have the right
> >to give me "mob justice". But as an innocent man I have to suffer all John
> >Levine's attacks because he is a most valued member of NANOG. Is that what
> >you are all saying?
> >
> >There is only one regret I have in this situation. I shouldn't have been
> >rude with Töma Gavrichenkov and Suresh Ramasubramanian. That's because
> >they didn't know what happened between John and me 6 months back. Most
> >probably they would never have behaved with me in the way John behaved. I
> >wasn't paying attention to that part. When I noticed the words "50 words",
> >I thought they were mocking me too.
> >
> >-
> >@Töma Gavrichenkov and Suresh Ramasubramanian
> >
> >I don't think I can go back and correct my mistakes. But trust me, I do
> >regret my words. I'm really sorry for being rude with you two. Take
> >this as my sincerest apology. You two deserve that.
> >-
> >
> >@Everyone
> >
> >It sucks when you sit on the "humiliation" chair when the mistake is not
> >yours. I'm a farmer's son from a third world country, yet trying to
> >contribute to this world in the way I can.
> >
> >Asking for feedback is not a mistake. But I have been attacked in multiple
> >lists for that. This is the only thread where I was rude and cocky.
> >
> >What, you all think I spend my time only attacking others? Have you ever
> >noticed my other threads <https://lists.gt.net/nanog/users/202185>? I
> >usually give respect to everyone. But I can't give respect to people who
> >don't care about others' feelings. What, you all think I'm a heartless
> >man?
> >
> >One guy was attacking me for my poor English skills. Excuse me for not
> >being poetic in my paper. I studied in my local language. English was an
> >alien language to me. I started to learn "English" only in my early
> >twenties. I just turned 30. This is what I picked up in the past 10 years.
> >
> >Just because the ball is in your court doesn't mean you all can throw it
> >at me in any way you can. I explained what happened between John Levine
> >and me in my original post. That's because I don't want this man to go
> >and create another thread to attack me or meddle in my efforts.
> >
> >I'm a guy who spends day and night working on things I believe in. I'm
> >definitely not gonna turn into a Mark Zuckerberg. But I'm gonna make a
> >difference to this world one way or another.
> >
> >None of you ever completed my paper. Most probably you have no idea what's
> >in it. But you all think you have the right to attack me because I was
> >rude with John? This is an engineering community. Don't convert it into a
> >"Prison Brotherhood" where the new guy always has to bend over.
>
>
> I have no idea who you are, or who John is, or what sort of disagreement
> you guys had. I also don't care. I'm a user of this list, I read the
> threads that look interesting when I can (when I have time) and sometimes
> post responses. You haven't offended me and I don't owe you anything, so
> here is my impartial response;
>
> Your white paper is 300 pages long. That is literally 10x the length of
> what a white paper should be. White papers are not instruction manuals on
> exactly how something works and how to set it up, they're short succinct
> documents that g

Re: A Zero Spam Mail System [Feedback Request]

2019-02-18 Thread Viruthagiri Thirumavalavan
@Everyone

I'm not gonna justify my behaviour. Yes, my post was rude. I made a mistake.
I was in way over my head. When I typed the original message I was obsessed
with the man John Levine. He was responsible for the attacks on me in 4
mailing lists: DMARC, DKIM, IETF and this one (the old thread).

I didn't want to face the same thing again. So I was rude. I'm not gonna
make him responsible for this thread. This one is my mistake. I could have
been more professional in my original post. But I screwed up.

My apologies to everyone here for making you witness my rant. I'm leaving
this mailing list too. But if anyone completes my white paper in the future,
I would love to hear your feedback. I won't be receiving any mails from
NANOG. So contact me off-list in that case.

Thanks to the guys who helped in my other threads.

Good luck to you all.