ietf-asrg

Re: [Asrg] 2 - Solving Spam By Establishing A Platform For Sender Accountability

2003-06-28 15:12:40
Jean-Christophe Bandini wrote:
> But the idea of using self-signed certificates (vs CA)
> is not going to work well because they are free.

I think you are mixing issues here (i.e. technical and
economic).

What my suggestion covered was a technical method for
permitting the recipient of a mail message to determine if
that mail message had, in fact, been sent by the server
identified in the received message's header information. I
believe that the method that I proposed does, in fact,
provide this capability and I believe it does so in a manner
which is more efficient and effective than the method which
was proposed by Howard Roth in the message to which I was
responding.

I believe it would be useful to first determine whether or
not the technical approach works and then deal with the
question of whether or not economic issues are relevant to
the utility of the proposed method. The two issues need to be
discussed distinctly.

> The spammers will simply do what they do today with the
> spamvertised URLs' hosts and keep using new ones because
> domain cost is low enough (<$10 today).

I suggest that the cost to implement this proposal is
completely independent of its utility. Also, it is irrelevant
to the utility of this proposal if spammers are able to
create even vast numbers of domains that all use the method I
propose. The point is to allow a receiver to verify that the
claimed sending server is, in fact, the one that sent the
message. The method will verify spammers' machines just as
well as non-spammers'.

> Using a CA could introduce a new cost in the spammer
> economics (plus force some basic validation depending
> on cert class).

Sure, we could make it more expensive for everyone to send
mail in order to squeeze out the spammers. But, we'll squeeze
out a large number of other people at the same time. Using
such a blunt method should only be considered if there are no
alternatives. In this case, simply raising costs won't
accomplish much.

> But until the vast majority of the legitimate MTAs support
> some verification (with or without digital signature), no one
> can start to refuse unauthenticated inbound mails.

Right. So, don't refuse them. Simply mark them
as "suspect." Then, let the mail clients deal with presenting
them, filing them in "gray inboxes" etc.

> So the benefits in that (long) transition period seem to
> be:
> - ability to have reliable white/black sender domain
>   lists on verified senders _if_ the cost of creating new
>   'verified sender domains' is high enough.

Wrong. You don't have to make domain creation expensive
in order to have confidence in white/black domain lists as
long as you can verify the source of a message. My proposal
allows you to have confidence in the utility of your lists
even though it adds zero cost to domain creation.

> - ability to increase probability of an email being spam if
>   sender is not verified.

Any anti-spam method that relies on the fact that
spammers might not follow some technical guidelines is doomed
to failure. You must assume that spammers will follow all of
the technical rules -- they just don't follow the moral or
legal rules. Any other set of assumptions will result in
systems that are trivial to get around - simply by following
the rules.

We should be using a discipline here much like that used
by the security folk. It is a well-known maxim of security
system design that you must not rely on secret methods in
designing your systems. You must assume that the enemy knows
everything about your system and even has the source code.
Similarly, we should assume that spammers not only "have the
source code" but they follow all the rules as well.

    bob wyman

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


