Bounce Address Tag Validation


In computing, Bounce Address Tag Validation is a method, defined in an Internet Draft, for determining whether the bounce address specified in an E-mail message is valid. It is designed to reject backscatter, that is, bounce messages to forged return addresses.

Overview

The basic idea is to send all e-mail with a return address that includes a timestamp and a cryptographic token that cannot be forged. Any e-mail that is returned as a bounce without a valid signature can then be rejected. E-mail that is being bounced back should have an empty return address so that bounces are never created for a bounce and therefore you can't get messages bouncing back and forth forever.
BATV replaces an envelope sender like mailbox@example.com with prvs=tag-value=mailbox@example.com, where prvs, called "Simple Private Signature", is just one of the possible tagging schemes; actually, the only one fully specified in the draft. The BATV draft gives a framework that other possible techniques can fit into. Other types of implementations, such as using public key signatures that can be verified by third parties, are mentioned but left undefined. The overall framework is vague/flexible enough that similar systems such as Sender Rewriting Scheme can fit into this framework.

History

Sami Farin proposed an Anti-Bogus Bounce System in 2003 in news.admin.net-abuse.email, which used the same basic idea of putting a hard to forge hash in a message's bounce address.
In late 2004, Goodman et al. proposed a much more complex "Signed Envelope Sender" that included a hash of the message body and was intended to address a wide variety of forgery threats, including bounces from forged mail. Several months later, Levine and Crocker proposed BATV under its current name and close to its current form.

Problems

The draft anticipates some problems running BATV.
There are also problems that prevent BATV systems from eliminating all backscatter.