ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] How to defeat spam that uses encryption?

2003-04-01 15:23:35
from [J C Lawrence] [Permanent Link] 
On Tue, 01 Apr 2003 16:47:06 -0500 
Jason Hihn <jhihn(_at_)paytimepayroll(_dot_)com> wrote:


Boffo's MUA auto-replies with a token (which is really a dated source
address).



Thus verifying the existence of the receiver...


...


Boffo can sell the address to spammers, who will get a first
provisional token, have it revoked and then change their identity and
get a new one.  Boffo can do that too.


Yes-ish, tho I suspect that verification of the validity/existence of an
address is not worth much any more.  The requirement for operating the
domain and MX for the duration of the process may be difficult.

More interestingly (for me) what it doesn't address are slow rolling or
distributed campaigns.  Consider:

  Spammer registers and operates a few thousand domains (which is really
  not that expensive).

  Sub domains of those engage in a slow rolling process of generating a
  consent request and sending individual spams at a rate of a hundred
  per day per machine (messages are individualised to for hash
  stomping).

  As a pack they can deliver many millions of spam a day, but avoid any
  appearance of concentration at recipients by hash distribution across
  the cluster.


List servers and legit marketing groups the like can auto-establish
the token arrangement at subscribe time, and auto-renew as tokens
expire.



Looks like you've just reimplemented DHCP but for mail? (Leases
essentially)


Yup, that too.


I see one possible future is analogous to TCP between consenting
parties, and UDP between non-consensual ones. Consenting parties tent
not to mind to know each other (usually) and with non-consensual ones
the receiver should not have to be known to exist. Your scheme
requires that.


Ahh, use pseudo-UDP for initial contact and pseudo-TCP for exchanges
among friends, with promotion or degradation across barrier being
controlled by that end of the pipe...  Cute.  That rather requires
building in double-blind anonymous operation at the core...

-- 
J C Lawrence                
---------(*)                Satan, oscillate my metallic sonatas. 
claw(_at_)kanga(_dot_)nu               He lived as a devil, eh?           
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] spamstones, Liudvikas Bukys
Next by Date:  Re: [Asrg] spamstones, Vernon Schryver
Previous by Thread:  RE: [Asrg] How to defeat spam that uses encryption?, Jason Hihn
Next by Thread:  RE: [Asrg] How to defeat spam that uses encryption?, Jason Hihn
Indexes:  [Date] [Thread] [Top] [All Lists]