ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] 2 - Solving Spam By Establishing A Platform For Sender Accountability

2003-06-29 09:16:37
from [asrg] [Permanent Link] 
Jean-Christophe Bandini wrote:
The point is to allow a receiver to verify that the claimed sending server is, in fact, the one that sent the message. The method will verify spammer's machines just as well as non-spammers. 


Yes i understood that part.
Right. So, don't refuse them. Simply mark them as "suspect." Then, let the mail clients deal with presenting them, filing them in "gray inboxes" etc. 


Yes that's equivalent to what i meant by "ability to increase
probability of an email being spam if sender is not verified."
which you seemed to disagree with later on.
Wrong. You don't have to make domain creation expensive in order to have confidence in white/black domain lists as long as you can verify the source of a message. My proposal allows you to have confidence in the utility of your lists even though it adds zero cost to domain creation. 


You lost me here. Here is what i meant and may be my thinking
is flawed but let me try again: the spammer can create every
day at sunrise a _new_ domain and its associated free signing cert,
then spend the day happily spamming. At the receiving end, i see
a new sender domain which is 'signed or verified' but i dont
know yet it is a spammer because that domain appeared today so
it is not in my black list yet. By the time i put it in my black
list the spammer has already moved on and start using a fresh
verified sender domain.

This is exactly what spammers are doing today with domains in
spamvertised URLs: they use one or more new domains daily.

Making it more difficult to create new verified domains
(using economics or not) would make black listing much more
valuable in a world with verified senders.
Once we have verified senders, and thus blacklists that can accurately record what domains and servers have spammed, we can introduce a delay in the system to cross-check incoming mail against other servers and the recipient server's own inbound traffic. If it sees a large volume of messages from one sender, it can blacklist it before delivering the suspect messages. Although this could cause a slow-down in email delivery, and possibly increased server loads, it would present a fairly strong defense against mass-mailed spam. 

Philip Miller



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] In case anyone thought Barry was exaggerating, Jon Kyme
Next by Date:  Re: [Asrg] In case anyone thought Barry was exaggerating, Alan DeKok
Previous by Thread:  Re: [Asrg] 2 - Solving Spam By Establishing A Platform For Sender Accountability, Jean-Christophe Bandini
Next by Thread:  RE: [Asrg] 2 - Solving Spam By Establishing A Platform For Sender Accountability, Bob Wyman
Indexes:  [Date] [Thread] [Top] [All Lists]