Murray Kucherawy

Last updated February 25, 2024

Murray S. Kucherawy is a computer scientist, mostly known for his work on email standardization and open source software.

He originated in Canada where he studied Mathematics, specializing in Computer Science, Combinatorics and Optimization at the University of Waterloo, earning a Bachelor's degree in 1994.

He worked for several Internet companies, including Sendmail, Cloudmark, and Facebook, which is his current employer (as of 2022).^[1] At the same time, he led several IETF working groups, including MARF, WEIRDS, and DMARC. He also wrote several RFCs (see below) and papers.^[2]^[3] In concert with such activity, he created various open source software packages, including OpenDKIM and OpenDMARC, in the framework of The Trusted Domain Project.

IETF contributions

RFC 5451, Apr 2009, Message Header Field for Indicating Message Authentication Status
RFC 5965, Aug 2010, An Extensible Format for Email Feedback Reports
RFC 6008, Sep 2010, Authentication-Results Registration for Differentiating among Cryptographic Results
RFC 6212, Apr 2011, Authentication-Results Registration for Vouch by Reference Results
RFC 6376, Sep 2011, DomainKeys Identified Mail (DKIM) Signatures
RFC 6377, Sep 2011, DomainKeys Identified Mail (DKIM) and Mailing Lists
RFC 6522, Jan 2012, The Multipart/Report Media Type for the Reporting of Mail System Administrative Messages
RFC 6541, Feb 2012, DomainKeys Identified Mail (DKIM) Authorized Third-Party Signatures
RFC 6577, Mar 2012, Authentication-Results Registration Update for Sender Policy Framework (SPF) Results
RFC 6590, Apr 2012, Redaction of Potentially Sensitive Data from Mail Abuse Reports
RFC 6647, Jun 2012, Email Greylisting: An Applicability Statement for SMTP
RFC 6650, Jun 2012, Creation and Use of Email Feedback Reports: An Applicability Statement for the Abuse Reporting Format (ARF)
RFC 6651, Jun 2012, Extensions to DomainKeys Identified Mail (DKIM) for Failure Reporting
RFC 6686, Jul 2012, Resolution of the Sender Policy Framework (SPF) and Sender ID Experiments
RFC 6692, Jul 2012, Source Ports in Abuse Reporting Format (ARF) Reports
RFC 6729, Sep 2012, Indicating Email Handling States in Trace Fields
RFC 7001, Sep 2013, Message Header Field for Indicating Message Authentication Status
RFC 7070, Nov 2013, An Architecture for Reputation Reporting
RFC 7071, Nov 2013, A Media Type for Reputation Interchange
RFC 7072, Nov 2013, A Reputation Query Protocol
RFC 7073, Nov 2013, A Reputation Response Set for Email Identifiers
RFC 7103, Jan 2014, Advice for Safe Handling of Malformed Messages
RFC 7293, Jul 2014, The Require-Recipient-Valid-Since Header Field and SMTP Service Extension
RFC 7372, Sep 2014, Email Authentication Status Codes
RFC 7410, Dec 2014, A Property Types Registry for the Authentication-Results Header Field
RFC 7437, Jan 2015, IAB, IESG, and IAOC Selection, Confirmation, and Recall Process: Operation of the Nominating and Recall Committees
RFC 7489, Mar 2015, Domain-based Message Authentication, Reporting, and Conformance (DMARC)
RFC 7601, Aug 2015, Message Header Field for Indicating Message Authentication Status
RFC 8478, Oct 2018, Zstandard Compression and the application/zstd Media Type 1 RFC
RFC 8601, May 2019, Message Header Field for Indicating Message Authentication Status
RFC 8617, Jul 2019, The Authenticated Received Chain (ARC) Protocol
RFC 8713, Feb 2020, IAB, IESG, IETF Trust, and IETF LLC Selection, Confirmation, and Recall Process: Operation of the IETF Nominating and Recall Committees
RFC 8878, Feb 2021, Zstandard Compression and the 'application/zstd' Media Type

Related Research Articles

Electronic mail is a method of transmitting and receiving messages using electronic devices. It was conceived in the late–20th century as the digital version of, or counterpart to, mail. Email is a ubiquitous and very widely used communication medium; in current use, an email address is often treated as a basic and necessary part of many processes in business, commerce, government, education, entertainment, and other spheres of daily life in most countries.

The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typically use SMTP only for sending messages to a mail server for relaying, and typically submit outgoing email to the mail server on port 587 or 465 per RFC 8314. For retrieving messages, IMAP is standard, but proprietary servers also often implement proprietary protocols, e.g., Exchange ActiveSync.

Sender Policy Framework (SPF) is an email authentication method which ensures the sending mail server is authorized to originate mail from the email sender's domain. This authentication only applies to the email sender listed in the "envelope from" field during the initial SMTP connection. If the email is bounced, a message is sent to this address, and for downstream transmission it typically appears in the "Return-Path" header. To authenticate the email address which is actually visible to recipients on the "From:" line, other technologies such as DMARC must be used. Forgery of this address is known as email spoofing, and is often used in phishing and email spam.

A bounce message or just "bounce" is an automated message from an email system, informing the sender of a previous message that the message has not been delivered. The original message is said to have "bounced".

Sender ID is an historic anti-spoofing proposal from the former MARID IETF working group that tried to join Sender Policy Framework (SPF) and Caller ID. Sender ID is defined primarily in Experimental RFC 4406, but there are additional parts in RFC 4405, RFC 4407 and RFC 4408.q

Email authentication, or validation, is a collection of techniques aimed at providing verifiable information about the origin of email messages by validating the domain ownership of any message transfer agents (MTA) who participated in transferring and possibly modifying a message.

MARID was an IETF working group in the applications area tasked to propose standards for email authentication in 2004. The name is an acronym of MTA Authorization Records In DNS.

The Sender Rewriting Scheme (SRS) is a scheme for bypassing the Sender Policy Framework's (SPF) methods of preventing forged sender addresses. Forging a sender address is also known as email spoofing.

Email spoofing is the creation of email messages with a forged sender address. The term applies to email purporting to be from an address which is not actually the sender's; mail sent in reply to that address may bounce or be delivered to an unrelated party whose identity has been faked. Disposable email address or "masked" email is a different topic, providing a masked email address that is not the user's normal address, which is not disclosed, but forwards mail sent to it to the user's real address.

In computing, Author Domain Signing Practices (ADSP) is an optional extension to the DKIM E-mail authentication scheme, whereby a domain can publish the signing practices it adopts when relaying mail on behalf of associated authors.

DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in email, a technique often used in phishing and email spam.

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. The purpose and primary outcome of implementing DMARC is to protect a domain from being used in business email compromise attacks, phishing email, email scams and other cyber threat activities.

Backscatter is incorrectly automated bounce messages sent by mail servers, typically as a side effect of incoming spam.

A bounce address is an email address to which bounce messages are delivered. There are many variants of the name, none of them used universally, including return path, reverse path, envelope from, envelope sender, MAIL FROM, 5321-FROM, return address, From_, Errors-to, etc. It is not uncommon for a single document to use several of these names.

Vouch by Reference (VBR) is a protocol used in Internet mail systems for implementing sender certification by third-party entities. Independent certification providers vouch for the reputation of senders by verifying the domain name that is associated with transmitted electronic mail. VBR information can be used by a message transfer agent, a mail delivery agent or by an email client.

<span class="mw-page-title-main">Barry Leiba</span> American computer scientist and software researcher

Barry Leiba is a computer scientist and software researcher. He retired from IBM's Thomas J. Watson Research Center in Hawthorne, New York in February 2009, and now works for FutureWei Technologies as a Director of Internet Standards. His work has focused for many years on electronic mail and anti-spam technology, on mobile computing and the Internet of things, and on Internet standards.

The Abuse Reporting Format (ARF) also known as the Messaging Abuse Reporting Format (MARF) is a standard format for reporting spam via email.

Spam reporting, more properly called abuse reporting, is the action of designating electronic messages as abusive for reporting to an authority so that they can be dealt with. Reported messages can be email messages, blog comments, or any kind of spam.

A TXT record is a type of resource record in the Domain Name System (DNS) used to provide the ability to associate arbitrary text with a host or other name, such as human readable information about a server, network, data center, or other accounting information.

Authenticated Received Chain (ARC) is an email authentication system designed to allow an intermediate mail server like a mailing list or forwarding service to sign an email's original authentication results. This allows a receiving service to validate an email when the email's SPF and DKIM records are rendered invalid by an intermediate server's processing.

References

↑ "Murray Kucherawy". LinkedIn . Retrieved 21 March 2022.
↑ J.D. Falk; Murray S. Kucherawy (November–December 2010). "Battling Spam: The Evolution of Mail Feedback Loops". IEEE Internet Computing . 14 (6): 68–71. doi:10.1109/MIC.2010.133. S2CID 11597241.
↑ Andrew Sullivan; Murray S. Kucherawy (May–June 2012). "Revisiting Whois: Coming to REST". IEEE Internet Computing . 16 (3): 65–69. doi:10.1109/MIC.2012.55. S2CID 590733.

This article about a Canadian scientist is a stub. You can help Wikipedia by expanding it.

P ≟ NP

This biographical article relating to a computer scientist is a stub. You can help Wikipedia by expanding it.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Murray Kucherawy". LinkedIn . Retrieved 21 March 2022.

[2] J.D. Falk; Murray S. Kucherawy (November–December 2010). "Battling Spam: The Evolution of Mail Feedback Loops". IEEE Internet Computing . 14 (6): 68–71. doi:10.1109/MIC.2010.133. S2CID 11597241.

[3] Andrew Sullivan; Murray S. Kucherawy (May–June 2012). "Revisiting Whois: Coming to REST". IEEE Internet Computing . 16 (3): 65–69. doi:10.1109/MIC.2012.55. S2CID 590733.

[1]

[2]

[3]