At 12:33 PM 2/7/96, Ned Freed wrote:
1. To subscribe to a list, the user sends a request. The list server
sends back a verification request. The subscriber returns a confirmation..
....
Simply put, the problem is that list subscribers hate it and therefore most
list managers cannot reasonably use it. As such, it's a nonstarter more often
I've had a number of list servers impose this on me, including a
'renewal' notice sent periodically and requiring that I respond to stay on
the list. These require nothing more than hitting the Reply command since
they information tag is in the subject line. I'm generally pretty
sensistive to hassles generated by computers and found my own reaction not
all that negative.
In any event, we have an emerging, large-scale problem. We need to
find some workable solutions. This will require adjustments for us all.
Adjustments doesn't mean massive changes to a draconian set of mechanisms,
but it does mean that the old world we've lived in is changing.
That does not, of course, mean the this specific mechanism is
essential, but I do believe it improves the integrity of the data base
rather substantially. The side effect, then, is to reduce bounces.
2. Those who are registered can send messages freely. Those who are not
have their messages channeled to the list moderate who decides whether to
forward the message or not. One could elaborate this, further, by having
non-registered email ALSO get a verification request from the server before
sending it on to the moderator. This would filter deprivation of service
....
The sender verification step suffers from the problems #1 has only more so --
people posting to lists *really* hate it and simply won't post if it is used.
(I personally can tolerate #1 but won't accept this variant of it.) As for
Let me get this straight. A mechanism which detects and
unregistered, first time poster and sends a verification note which
requires nothing more than your hitting Reply is too much overhead?
For large, open lists this seems to me a reasonable compromise.
No, I'm not in love with it, but the incremental effort strikes me as
pretty reasonable. I guess we differ on our assessment.
having a moderator review messages received from people not subscribed to the
list, this depends on having a moderator willing to perform the task. Such
moderator resources are in scarce supply. Also keep in mind that the burden
placed on the moderator is FAR greater than anticipated, as postings from
Yup. This is definitely an issue. That's why I would assume that
a list of verified, unregistered posters would be maintained. It should
reduce the steady-state overhead considerably. (No, not to zero.)
Finally, please note that the attack I previously described blows past all
this
with ease, since it builds a list of addresses that are known to be subscribed
to the list in an automated way. I dealt with a use of this attack this
morning
-- it is the first case I have seen. This will never be as common as more
simpleminded techniques, but it will not remain unknown for much longer.
Here's where I need to eat a bowl of crow. I entirely missed the
fact that legitimate addresses were being spoofed. And yes, none of the
above prevents such an attack.
The only thing I can think of is some sort of path validation by
scrutinzing Received headers and offhand I haven't a clue what the
algorithm needs to look like, if it is to be robust in the face of
alternate routing for legitimate mail.
Gad but this would all be so much simpler if we had reasonable
authentication deployed.
d/
--------------------
Dave Crocker +1 408 246 8253
Brandenburg Consulting fax: +1 408 249 6205
675 Spruce Dr.
dcrocker(_at_)brandenburg(_dot_)com
Sunnyvale CA 94086 USA http://www.brandenburg.com
Internet Mail Consortium http://www.imc.org,
info(_at_)imc(_dot_)org