ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Washington Post: Earthlink to Deploy a Challenge-Response System for Fighting Spam

2003-05-07 18:17:58
from [waltdnes] [Permanent Link] 
On Wed, May 07, 2003 at 11:26:26AM -0600, John Fenley wrote

From: Jim Littlefield <little(_at_)abaqus(_dot_)com>

...and every EarthLink subscriber to a mailing list will stop receiving
their list mail because the list server software/administrator boots them.


Sorry if this has been talked about...Massive traffic has prevented my 
following the list closely.

The last pannel at the forum seemed to point to the importance of 
opt-in/opt-out, and ensuring that the wanted mail goes through. Mailing 
lists are opt-in, and a solution that takes care of these things would 
solve the problems associated with Challenge/Response.

Any whitelisting strategy is prone to spoofing, but if authentication 
strategys were used then spoofing wouldn't be a problem, but opt-ins would 
still be.


  Wouldn't it be possible for a mailing list to give whitelisting
criteria on a webpage ?  Something that's virtually unspoofable is to
give the machine name of the MTA, which can then be checked against the
sending IP address.  In addition to multiple names resolving to the same
address, it's possible to have multiple addresses resolve to the same
name.  A real-life example is...

[m1800//home/waltdnes]host www.cnn.com
www.cnn.com is an alias for cnn.com.
cnn.com has address 64.236.24.20
cnn.com has address 64.236.24.28
cnn.com has address 64.236.16.20
cnn.com has address 64.236.16.52
cnn.com has address 64.236.16.84
cnn.com has address 64.236.16.116
cnn.com has address 64.236.24.4
cnn.com has address 64.236.24.12

  A mailing list could give its MTA name as outbound.bad.example.com and
the "host" command ("nslookup" on some OS's) could get a list
corresponding IP addresses, and check to see whether the sender is on
that list.  Note that I specified name, not address.  This allows the
list to move to a new ISP by editing its DNS zone entries.  No need for
end-users to change anything in this case.

-- 
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Is there anything good enough? - Spoofing stats, David Walker
Next by Date:  RE: [Asrg] Content filter abuse for censorship, Hallam-Baker, Phillip
Previous by Thread:  Re: [Asrg] Washington Post: Earthlink to Deploy a Challenge-Response System for Fighting Spam, John Fenley
Next by Thread:  RE: [Asrg] Washington Post: Earthlink to Deploy a Challenge-Response System for Fighting Spam, Eric D. Williams
Indexes:  [Date] [Thread] [Top] [All Lists]