ietf-asrg
[Top] [All Lists]

Re: [Asrg] [Asr?g] Legal side track

2003-04-16 19:16:55
On Tue, Apr 15, 2003 at 08:03:43PM -0600, John Fenley wrote
From: waltdnes(_at_)waltdnes(_dot_)org

 In plain English, this is an ugly/dirty war, and if you insist on
using Marquis of Queensbury rules against a dirty opponent who doesn't,
you will end up losing the war.  I don't want to lose the war.

Fighting cleanly is the only way to truly win.

There are only 3 flaws I can find in my "clean" system now.

1. Spoofed addresses
Spoofing addresses will only work if the spoofed address has a large 
subscriber list. That will be tough to deal with.

3. resistance to Challenge/Response(which i don't see as a problem)
Once people get used to it, it will be like second nature.

  The *ONLY* way it'll work will be as a pseudo-reject at the SMTP
stage, e.g. a "950 Challenge: blah, blah, blah" message, which will be
seen by legitimate senders, and replied to.  If it's at the MUA level,
then innocent 3rd parties will get mailbombed.  Think orders of
magnitude in excess of...

Mar 29 04:09:20 manson filt-smtpd[15474]: DENYMAIL: 
(tim(_at_)mailkey(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[217.199.183.18]
Mar 29 04:09:41 manson filt-smtpd[15486]: DENYMAIL: 
(tim(_at_)mailkey(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[217.199.183.18]
Mar 29 04:10:13 manson filt-smtpd[15527]: DENYMAIL: 
(tim(_at_)mailkey(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[217.199.183.18]
Mar 30 05:04:58 manson filt-smtpd[11931]: DENYMAIL: 
(tim(_at_)mailkey(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[217.199.183.18]
Mar 30 05:05:11 manson filt-smtpd[11937]: DENYMAIL: 
(tim(_at_)mailkey(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[217.199.183.18]
Mar 30 05:05:25 manson filt-smtpd[11977]: DENYMAIL: 
(tim(_at_)mailkey(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[217.199.183.18]
Mar 30 05:05:57 manson filt-smtpd[11990]: DENYMAIL: 
(tim(_at_)mailkey(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[217.199.183.18]
Mar 30 05:06:11 manson filt-smtpd[12007]: DENYMAIL: 
(tim(_at_)mailkey(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[217.199.183.18]
Mar 31 01:54:03 manson filt-smtpd[19607]: DENYMAIL: 
(tim(_at_)mailkey(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[217.199.183.18]
Mar 31 01:54:06 manson filt-smtpd[19608]: DENYMAIL: 
(tim(_at_)mailkey(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[217.199.183.18]
Mar 31 01:54:35 manson filt-smtpd[19643]: DENYMAIL: 
(tim(_at_)mailkey(_dot_)com) -> (waltdnes(_at_)waltdnes(_dot_)org) 
[217.199.183.18]

  For real shits and giggles...

  - Spammer somewhere on the net sends a spam "From:" a forged address
    of joe(_dot_)blow(_at_)bad(_dot_)example(_dot_)com to 
john(_dot_)smith(_at_)foobar(_dot_)invalid
  - john(_dot_)smith(_at_)foobar(_dot_)invalid uses challenge/response.  His 
MUA sees a
    non-whitelisted "From:" address and sends a challenge to
    joe(_dot_)blow(_at_)bad(_dot_)example(_dot_)com
  - joe(_dot_)blow(_at_)bad(_dot_)example(_dot_)com  uses challenge/response.  
His MUA sees a
    non-whitelisted "From:" address and sends a challenge to
    john(_dot_)smith(_at_)foobar(_dot_)invalid
  - john(_dot_)smith(_at_)foobar(_dot_)invalid challenges 
joe(_dot_)blow(_at_)bad(_dot_)example(_dot_)com
  - joe(_dot_)blow(_at_)bad(_dot_)example(_dot_)com  challenges 
john(_dot_)smith(_at_)foobar(_dot_)invalid
  - ...do you see the problem here ?

-- 
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
An infinite number of monkeys pounding away on keyboards will
eventually produce a report showing that Windows is more secure,
and has a lower TCO, than linux.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg