Jean-Christophe Bandini wrote:
> But the idea of using self-signed certificates (vs CA)
> is not going to work well because they are free.
I think you are mixing issues here. (i.e. technical and
economic)
What my suggestion covered was a technical method for
permitting the recipient of a mail message to determine if
that mail message had, in fact, been sent by the server
identified in the received message's header information. I
believe that the method that I proposed does, in fact,
provide this capability and I believe it does so in a manner
which is more efficient and effective than the method which
was proposed by Howard Roth in the message to which I was
responding.
I believe it would be useful to first determine whether or
not the technical approach works and then deal with the
question of whether or not economic issues are relevant to
the utility of the proposed method. The two issues need to be
discussed distinctly.
> The spammers will simply do what they do today with the
> spamvertised URLs' hosts and keep using new ones because
> domain cost is low enough (<$10 today).
I suggest that the cost to implement this proposal is
completely independent of its utility. Also, it is irrelevant
to the utility of this proposal if spammers are able to
create even vast numbers of domains that all use the method I
propose. The point is to allow a receiver to verify that the
claimed sending server is, in fact, the one that sent the
message. The method will verify spammers' machines just as
well as non-spammers'.
> Using a CA could introduce a new cost in the spammer
> economics (plus force some basic validation depending
> on cert class).
Sure, we could make it more expensive for everyone to send
mail in order to squeeze out the spammers. But, we'll squeeze
out a large number of other people at the same time. Using
such a blunt method should only be considered if there are no
alternatives. In this case, simply raising costs won't
accomplish much.
> But until the vast majority of the legitimate MTAs support
> some verification (with or without digital signature), no one
> can start to refuse unauthenticated inbound mails.
Right. So, don't refuse them. Simply mark them
as "suspect." Then, let the mail clients deal with presenting
them, filing them in "gray inboxes" etc.
> So the benefits in that (long) transition period seem to
> be:
> - ability to have reliable white/black sender domain
> lists on verified senders _if_ the cost of creating new
> 'verified sender domains' is high enough.
Wrong. You don't have to make domain creation expensive
in order to have confidence in white/black domain lists as
long as you can verify the source of a message. My proposal
allows you to have confidence in the utility of your lists
even though it adds zero cost to domain creation.
> - ability to increase probability of an email being spam if
> sender is not verified.
Any anti-spam method that relies on the fact that
spammers might not follow some technical guidelines is doomed
to failure. You must assume that spammers will follow all of
the technical rules -- they just don't follow the moral or
legal rules. Any other set of assumptions will result in
systems that are trivial to get around - simply by following
the rules.
We should be using a discipline here much like that used
by the security folk. It is a well known maxim of security
system design that you must not rely on secret methods in
designing your systems. You must assume that the enemy knows
everything about your system and even has the source code.
Similarly, we should assume that spammers not only "have the
source code" but they follow all the rules as well.
bob wyman
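The receiver-side handling argued for above (check whether the server named in the Received: header is the one that really handed the message over, and mark unverified mail as "suspect" rather than refusing it) is shown here as an added illustration. This is not code from the thread and does not implement the verification method Bob Wyman proposed, which the message does not spell out; the `KNOWN_SENDERS` table, the `X-Sender-Verification` header name and the sample messages are all constructed for the example, and the verification step is a stand-in that any real mechanism could replace.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from typing import Optional

# Pattern for the "from HELO (rdns [ip])" clause an MTA writes into Received:.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\((?P<rdns>[^\s\[\]()]*)\s*\[(?P<ip>[^\]]+)\]\))?",
    re.IGNORECASE,
)


def claimed_sender(received_header: str) -> Optional[dict]:
    """Pull the HELO name, reverse-DNS name and IP the receiving MTA logged."""
    m = RECEIVED_RE.search(received_header)
    if not m:
        return None
    return {
        "helo": m.group("helo"),
        "rdns": m.group("rdns") or "",
        "ip": m.group("ip") or "",
    }


# Constructed stand-in for the verification step itself: the thread does not
# describe a mechanism, so here a host counts as "verified" when the IP our
# MTA recorded is the one we have on file for the HELO name it announced.
KNOWN_SENDERS = {"mx.example.net": "192.0.2.10"}


def verify_claim(claim: dict) -> bool:
    return KNOWN_SENDERS.get(claim["helo"].lower()) == claim["ip"]


def classify(raw: str, verify=verify_claim) -> EmailMessage:
    """Apply the 'mark, don't refuse' policy: the message is always returned,
    with an X-Sender-Verification header (hypothetical name) recording the verdict
    so a mail client can file it in a 'gray inbox' or weight it as spam."""
    msg = email.message_from_string(raw, policy=policy.default)
    received = msg.get_all("Received") or []
    # Received: headers are prepended at each hop, so the last one is the
    # earliest hop, i.e. the handoff from the claimed originating server.
    claim = claimed_sender(received[-1]) if received else None
    if claim is None:
        verdict = "suspect; reason=no-received-header"
    elif verify(claim):
        verdict = f"verified; helo={claim['helo']}; ip={claim['ip']}"
    else:
        verdict = f"suspect; helo={claim['helo']}; ip={claim['ip']}"
    msg["X-Sender-Verification"] = verdict
    return msg


def verdict_of(raw: str) -> str:
    """Just the 'verified' / 'suspect' token for a raw message."""
    return str(classify(raw)["X-Sender-Verification"]).split(";")[0]


# Constructed sample: one message whose recorded IP matches our record for the
# announced HELO name, and one where the same name arrives from another IP.
GOOD = (
    "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
    "\tby inbound.example.org with ESMTP id abc123; Mon, 1 Jan 2024 00:00:00 +0000\n"
    "From: alice@example.net\n"
    "To: bob@example.org\n"
    "Subject: constructed sample, verified path\n"
    "\n"
    "hello\n"
)
BAD = GOOD.replace("[192.0.2.10]", "[198.51.100.7]")

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "->", classify(raw)["X-Sender-Verification"])
```

The point the example makes is structural: the verification outcome becomes a header the message carries downstream, and delivery happens either way, which is what makes the scheme usable before most legitimate MTAs support any verification at all.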
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg