Certified Server Validation

Certified Server Validation

Certified Server Validation (CSV) is a technical method of Email authentication intended to fight spam. Its focus is the SMTP HELO-identity of Mail transfer agents.

CSV was designed to address the problems of MARID and the ASRG, as defined in detail as the intent of Lightweight MTA Authentication Protocol (LMAP) in an expired ASRG draft.

As of January 3, 2007, all Internet Drafts have expired and the mailing list has been closed down since there had been no traffic for 6 months.

Principles of Operation

CSV considers two questions at the start of each SMTP session:

  • Does a domain's management authorize this MTA to be sending email?
  • Do reputable independent accreditation services consider that domain's policies and practices sufficient for controlling email abuse?

CSV answers these questions as follows: to validate an SMTP session from an unknown sending SMTP client using CSV, the receiving SMTP server:

  1. Obtains the remote IP address of the TCP connection.
  2. Extracts the domain name from the HELO command sent by the SMTP client.
  3. Queries DNS to confirm the domain name is authorized for use by the IP (CSA).
  4. Asks a reputable Accreditation Service if it has a good reputation (DNA).
  5. Determines the level of trust to give to the sending SMTP client, based on the results of (3) and (4)

If the level of trust is high enough, process all email from that session in the traditional manner, delivering or forwarding without the need for further validation. If the level of trust is too low, return an error showing the reason for not trusting the sending SMTP client. If the level of trust is in between, document the result in a header in each email delivered or forwarded, and/or perform additional checks.

If the answers to both of the questions at the top of this article are 'Yes', then receivers can expect the email received to be email they want. Mail sources are motivated to make the answers yes, and it's easy for them to do so (unless their email flow is so toxic that no reputable independent accreditation service will vouch for them). CSV is designed to be efficient and elegant, and in this respect it certainly beats SPF's coverage of HELO identities.

Client SMTP Authorization (CSA) was a proposed mechanism whereby a domain admin can advertise which mail servers are legitimate originators of mail from his/her domain.

This is done by providing appropriate SRV RRs in the DNS infrastructure.

External links


Wikimedia Foundation. 2010.

Игры ⚽ Нужно решить контрольную?

Look at other dictionaries:

  • Microsoft Certified Professional — (MCP) is a program of Professional certifications awarded by Microsoft. Individual certifications are awarded upon passing of one or more exams. The MCP program itself is designed for both IT Professionals and developers. Beneath the MCP program… …   Wikipedia

  • List of FTP server software — Notable implementations of FTP servers (organized by the nature of the interface used to configure them) include: Contents 1 Graphical 2 Console/terminal based 3 Libraries 4 See also …   Wikipedia

  • CSV — may refer to: Clerics of Saint Viator Common Stored Value Ticket Confederación Sudamericana de Voleibol Character Strengths and Virtues Christian Social People s Party Community Service Volunteers GM U platform, a minivan made by General Motors… …   Wikipedia

  • CSV — Die Abkürzung CSV steht für: Certified Server Validation, eine vorgeschlagene technische Methode zur Spam Vermeidung Comma Separated Values oder Character Separated Values, ein Dateiformat, siehe CSV (Dateiformat) Christlich Soziale Volkspartei… …   Deutsch Wikipedia

  • Csv — steht für: Certified Server Validation, eine vorgeschlagene technische Methode zur Spam Vermeidung Character Separated Values oder Comma Separated Values, siehe CSV (Dateiformat) Chrëschtlech Sozial Vollekspartei (Christlich Soziale Volkspartei) …   Deutsch Wikipedia

  • Oracle Database — Developer(s) Oracle Corporation Development status Active Written in …   Wikipedia

  • Criticism of Windows Vista — This article is about the criticism that applies specifically to Vista. For criticism applying to several or all versions of Microsoft Windows, see Criticism of Microsoft Windows. This article is part of a series on Windows Vista New features… …   Wikipedia

  • CompTIA — Computer Technology Industry Association Abbreviation CompTIA Motto Advancing the Global IT Industry Formation January 1, 1982 …   Wikipedia

  • List of computing and IT abbreviations — This is a list of computing and IT acronyms and abbreviations. Contents: 0–9 A B C D E F G H I J K L M N O P Q R S T U V W X Y …   Wikipedia

  • Network Security Services — Developer(s) AOL, Red Hat, Sun Microsystems, Oracle Corporation, Google and others Stable release 3.12.8 / September 23, 2010; 13 months ago (2010 09 23) …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”