On Tue, Mar 04, 2003 at 10:49:50AM -0700, Vernon Schryver wrote:
> - text filtering can give failure indications during SMTP transactions.
> There are many examples of such systems, including some installations
> of SpamAssassin, the DCC, and many uses of the sendmail milter
> mechanism.

I don't know of any text filtering that works reliably and reasonably.
That's a kind of content security that just reduces the channel
bandwidth (seen from an information theory point of view).
And, I believe that it is a bad idea to perform text analysis _while_
receiving the message. Message transfer should be as fast as possible
and should not suffer from any external delay. And it is not always
possible because some formats can be decoded/uncompressed only when
they are complete.
I don't like text analysis while receiving the message. And I am
not really convinced about such content methods.

> - whether mail is solicited cannot be determined by examining headers,
> cryptographic checksums, or anything in a message. Solicited mail
> is not only mail in response to previous mail, and not only
> because

I didn't mean that only those mails are solicited which are a direct
reply. I guess that such mails are solicited, but they are not the
only ones.

> - most talk of "header forgery" is confused. The best demonstration
> of that fact was a recent message to this mailing list that talked about
> people "forging" their own addresses. That makes no sense given
> the English definition of the verb "to forge." You cannot "forge"
> your own name or address.

Sure you can. Don't use the "English definition". Use the "Security definition".
It means that you can just insert any address without any
authorization step. If you can do it, so anyone else can do it as
well. There must be some technical difference introduced between the
one who is allowed to use an address, and all others. That's the point.

> The problem is that many and perhaps most so called "forged" mail
> From addresses in spam are no more "forged" than the home return
> address you put on picture postcards while on vacation.

I've never received a postcard asking me to buy any nonsense and
labeled with a wrong sender address. I received hundreds of such e-mails.

> That the free mail provider of the mailbox has cancelled a spammer's
> account does not make the use of the mailbox "forgery" any more
> than your use of a hotel's address is forgery the day before you
> arrive or the day after you leave.

I can't follow you. Many spam messages I've received had sender
addresses which _never_ existed. I know that a little bit more than
a year ago millions of mails have been sent with several sender
addresses (_dot_)(_dot_)(_dot_)(_dot_)(_at_)danisch(_dot_)de Since this is
my own domain, I'm pretty
sure that these accounts never existed. Spam sender addresses are not
cancelled accounts, they are just random addresses.

> - PKI, X.500, PGP, SMIME, and all other authentication mechanisms
> are irrelevant to stopping spam. It is not only that the amazing
> story in http://www.cert.org/advisories/CA-2001-04.html demonstrates
> that it is impossible for $350/certificate to check the identity
> of certificate holders. It is that a fundamental design goal of
> SMTP is to allow strangers to send each other mail.

That's the problem we're here to solve. It's our job to change it,
not to accept it.

> If you are willing to accept a message from a complete stranger, then
> it makes no sense to talk about authenticating the stranger. Strangers
> are people you don't know and cannot trust to not be sending you and
> 500,000,000 of your closest friends the same message.

That's a culturally dependent point of view. The European approach is
that you can identify everybody, even a complete stranger, and that
you know who was sending you rubbish. If 1% of the recipients complain
or get into legal steps, the sender faces 5,000,000 opponents. But
you need to know the identity of the sender before.

> - There is a single, common definition of spam that works. It is
> "unsolicited bulk mail." "Unsolicited" is determined by the target
> unless the sender has creditable evidence that the target asked for the
> mail. "Bulk" is some number of substantially identical messages usually
> more than a dozen.

How do you want to detect whether a mail was sent to at least 10,000
other people without violating their privacy? And if you are one of
the unlucky first 10,000 receivers, then it is not yet spam?

Hadmut