ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] Proposal for transition to authenticated email

2003-05-02 08:39:21
from [Eric D. Williams] [Permanent Link] 
Has anyone taken a look at the headers of the asrg mailing list messages to 
their machine?  I just did, and think that we could use them as sort of a basis 
argument for eMail list handling of maillist traffic and/or originator 
identification.  What bothers me is the boundary where origination is defined. 
 I could 'take as gospel' the header information and validate origination based 
on that OR, perform checks against some not yet defined MTA MAC scheme, or 
perform content inspections, etc, etc...  While all of those are viable (albeit 
may be not practical methods in all circumstances) each has it's own 
shortcomings.

1) Message headers can be forged up to the last hop.
2) MTA MAC checks could be CPU intensive for large sites and/or 
non-approachable by small sites (border MTA's)
3) Content Inspection same as 2, but with the added twist of third party 
reliance or roll-your-own.
...

You get the point?  Focusing on single point solutions to multi-vector problems 
is hard (IMHO ill-advised) on its face.  Perhaps we are all correct, in fact 
maybe the framework or architecture of the system is the most salient 
discussion and not the implementation specifics.  I am not trying to just shoot 
my mouth off here, but it seems that many threads of discussion get too deep 
too fast and we may be missing the big picture.

my $.02

-e

On Thursday, May 01, 2003 10:30 AM, Tom Thomson 
[SMTP:tthomson(_at_)neosinteractive(_dot_)com] wrote:
8<...>8

I think the problem you have with proposals for authenticated email is a
simple one - the same problem you have with the RMX proposal:  you simply
don't want a reliable way of tying spam to its originator, you would rather
play with interesting methods of detecting spam and filtering it out. I
don't know whether that's because you don't see the usefulness of being able
to identify the originator, or because you find detecting bulk mail a fun
passtime, or because you think RFC 2821 is holy writ and not a comma may be
moved on pain of burning in hell throughout eternity for fould heresy and
blasphemy.  It has to be one of those three, I can't imagine another reason.

8<...>8

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Asrg] A New Plan for No Spam / Velocity Indicator, Eric D. Williams
Next by Date:  RE: [Asrg] A New Plan for No Spam / Velocity Indicator, Eric D. Williams
Previous by Thread:  Re: [Asrg] Proposal for transition to authenticated email, Jim Youll
Next by Thread:  Re: [Asrg] Proposal for transition to authenticated email, Scott Nelson
Indexes:  [Date] [Thread] [Top] [All Lists]