ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Re: RMX Records

2003-03-04 13:00:45
from [Adam Back] [Permanent Link] 
On Tue, Mar 04, 2003 at 10:28:39AM +0100, Hadmut Danisch wrote:

Adam Back wrote:

Also I'm not sure as another poster noted how much it even helps:
disposable ISP free accounts (AOL CD syndrome) are a major source,
with RMX the problem is not even improved.


I don't see the problem. If anyone uses such a CD, she is still 
limited to the aol domain and can't send e.g. as @hotmail.com or
@danisch.de. 


The problem is forcing everyone to jump through the hoop of having
valid RMX records does not stop spam.  

It just stops people sending mail from addresses without RMX records
delegating that they are allowed to (which incidentally breaks a lot
of existing functionality).

So already there is commonly some Received header giving the
information about who sent the mail.  That From headers may be
slightly harder to forge under RMX doesn't change the problem.

The problem is that spammers systematically abuse ISP AUPs.  The ISPs
already have AUPs, they already routinely correlate spam attacks to
given users and terminate accounts.  RMX does _nothing_ about spam
other than offer another route to tracing the ISP.  It also has the
unrelated and tangential effect of making certain types of forgeries
harder / breaking some times of existing functionality (where the
"forgery" is the functionality -- making the From address your desired
Reply-To: all mail I've sent for the last 5 years has been of this
form).

We know from long experience that laws, and after the fact enforcement
of AUPs don't solve the problem.  That is the status quo.


Second is, under german - and I believe under european - law 
ISPs are required to state their customers identity. I guess
the same will come in the USA after 9/11. It will become
more and more difficult to have anonymous access to the internet.


And this is a bad thing for end-users.  

Your approach to slowing spam is to punish end-users by stripping them
of privacy, and the convenience of trial-offer CDs from ISPs.


Third, when a thing like RMX comes to fly, anonymous customers will
have to find a RMX covering the AOL addresses in order to send
spam. There will be very few domains doing so, maybe just
aol.com. If AOL goes on with supporting spam, they will be
blacklisted (which is effective in this case). They will have to
solve the problem.


So how will anyonymous users who want anonymity for privacy send mail
in this world.

Adam
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] filtering at connect time, David F. Skoll
Next by Date:  Temp-failing first-time unknowns (was Re: [Asrg] filtering at connect time), David F. Skoll
Previous by Thread:  DNS is broken, and by extension so is RMX (Re: [Asrg] Re: RMX Records), Adam Back
Next by Thread:  Re: [Asrg] Re: RMX Records, Hadmut Danisch
Indexes:  [Date] [Thread] [Top] [All Lists]