[Top] [All Lists]

Re: making mail traceable

2004-01-21 10:50:06

either way, the spam is traceable to an account that is associated with
you.  recipients of the message can complain to whichever ISP issued
the originator-id field, and that ISP will figure out pretty quickly
that you're a spammer, and blacklist you.

This is true. But how big a loss is it to loose one account at one
public email provider when you can have the next account anonymous in 10

If you ask the ISP about an originator-id that is associated with a spammer, the ISP will tell you that this account has been used for spamming.

Similarly if you ask the ISP about the originator-id associated with an anonymous account, the ISP will tell you that the account is anonymous. (or more likely, that the ISP doesn't have any reliable information about who owns that account).

Of course this does depend on the ISP being willing to provide a query service that provides information about originators of mail. mail from ISPs that don't do that (or that provide false information about senders) will continue to be dealt with by cruder mechanisms like site blacklisting. The intent of this proposal is to provide a more fine-grained way of marginalizing spammers than to blacklist the entire ISP or site where the message originated.

the real trick is to prevent the other kind of attack - some miscreant
wants to discredit some vendor, so they take a single message that the
vendor sent legitimately and re-send it to a few million people.  we
need to make sure that the message is traced to the miscreant, not the

Currently all discuss methods where a MTA builds a hash over a
message and sends it on. How about if the MTA incorporates into the hash
the name/address of the MTA it will deliver the email to and adds this
hash information to the message as it is sent?

I'd like to find a better way.

It's much more difficult to build a whole chain of verifiable postmarks than it is to verifiably associate a message with a sender. If the scheme relies on every MTA in the path being upgraded in order to work, it's going to be very difficult to deploy this widely enough that any benefit will be realized.

Originator-id is really just a stronger version of what is already widespread practice - many ISPs add some tag or another to a message before forwarding it to the net just to make it easier for themselves to track down reports of spam. And I don't think it would be difficult for tools like spamassassin to recognize originator-ids, validate them, and use this in their criteria for determining whether a message was spam. Both of these are relatively simple changes to functionality that already exists. OTOH upgrading every single MTA would be very, very difficult.