ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] RMX proposals and Nash Equilibrium

2003-05-04 14:18:22
from [Mike Rubel] [Permanent Link] 

On Sat, 3 May 2003, Daniel Feenberg wrote:

If the proposal starts to gain some traction - say a few large sites start
to enforce RMX requirements were the MAIL FROM: address matches a site
supporting RMX records. Very soon spammers would learn not to use hotmail
return addresses, and what happens then? It won't cost them any more to
use an non-participating site as the MAIL FROM: address. They might pick
mine, which would give me a real incentive to register.

But there are millions of possible names. Spammers could use all of them -
they already have them, after all. At that point the incentive for sites
to check incoming mail is greatly reduced.


Dear Daniel,

This is a very interesting analysis.  May I raise an objection though?

Combating spam is not the only incentive for sites to check RMX on
incoming mail.  The other incentive is to avoid being misled.  I would
argue, for example, that it is more important to correctly identify a
forgery claiming to come from (for example) one of a site's software
providers, business partners, or family members than it is to correctly
discern forgeries from other, unrelated sites or people.  This factor
means recipients are more likely to check RMX than a pure spam-rejection
analysis would suggest.

If the equilibrium is high enough, mail coming from a non-RMX site would
have a significantly higher probability of being spam, meaning filters
like spamassassin would give it a lower rejection threshold.  This factor
gives all senders (including those for which the first argument doesn't
apply) a strong incentive to implement RMX.

Overall, I think that the equilibrium RMX penetration would be much higher
than you suspect, but since neither of our analyses are quantitative,
we'll just have to see.  :)


Compare this to connection IP address based blacklists of open relays.


And yet it does not appear that IP blacklists will resolve the spam
problem either.  There are too many exploitable machines on the `net, and
too many exploits being discovered daily.  I believe there is a consensus
that the only way to fix this problem in the long term is through a
cocktail of attacks--intelligent filters, blacklisting of relays, improved
accountability of SMTP through RMX, and governmental pressure.

Mike

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] seeking comments on new RMX article, Mike Rubel
Next by Date:  Re: [Asrg] seeking comments on new RMX article, J C Lawrence
Previous by Thread:  Re: [Asrg] RMX proposals and Nash Equilibrium, Alan DeKok
Next by Thread:  Re: [Asrg] RMX proposals and Nash Equilibrium, Barry Shein
Indexes:  [Date] [Thread] [Top] [All Lists]