From: Scott Nelson <scott(_at_)spamwolf(_dot_)com>
...
Never use absolutes, they will always get you in to trouble.
Many absolutes, including that one, can get you into trouble.
Suppose that all challenges included the Message-Id: of the
quarantined message in it's In-Reply-To: and/or References: header.
(like all DSNs should - grrr)
Then as long as mail clients can recognize message-ids they've created,
it's a simple matter to accept any you've generated, and discard any
that you haven't. (Handy for those forged return address bounces too.)
So few users know what a message-ID is, and so few of those who do
know have the least clue about the message-IDs of their last dozen
sent mail messages that it is safe to make the absolute statement that
no users could ever distinguish valid from bogus spammer challenges
with message-IDs.
If you're worried that spammers will start forging plausible ids
for their In-Reply-To: headers, or that's too hard for your computer
to remember a few thousand IDs, here's a simple way to create them.
id = "UTC.N@" . md5sum(UTC, N, domain, secret);
...
How many people are going to manually check the last few days of mail
they've sent looking for the message-ID of a new challenge? Obviously
no one, including practically all C/R advocates will bother. If any
users were willing and able to do that, there would not be a continuous
flood of questions from people asking how their computers managed to
send spam when they weren't looking when they get a forged bounce.
Even if you modify everyone's MUA to record the Message-IDs of outgoing
mail (no, not all MUAs do that, not even when configured to record
outgoing mail), the absolute statement that no one would manually
check Message-IDs is still more than "5-nines" true. You would have
to modify MUAs to automagically check "sent folders."
This sub-thread started with the observation that many of us can't
remember to whom we sent mail, and you want us to remember Message-IDs?
If manual (or automatic) checking of Message-IDs could work, then so
would manual (or automatic) checking of "sent folders" for recipients
(except for .forward files, aliases, etc.).
IMO the killer problem with C/R is the "automated notice of
something important" message. Frequently, those don't even have
a valid return address, much less a human that will click
on your web site.
That's also a killer.
C/R systems depend on and will in practice devolve into whitelisting
systems. It would be good to finish the C/R protocols, IDs, or whatever,
and move on to the whitelisting mechanisms that C/R systems require.
That's where most of the utility will lie. You'll need protocols or
some sort of mechanical support to exchange self-signed certs, PGP keys,
or whatever to foil spammer attacks on the whitelisting system.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg