Thankyou for your comments. My comments are in the body of the message
below. This post refers to the 'GIEIS' system cueently at version 0.002.
An update to version 0.003 will be carried out in the next few days.
'GIEIS' has an extensive list of systems to be added and they will appear as
soon as the documentation can be written.
The 'GIEIS' system can be viewed here at:
http://homepage.ntlworld.com/giza.necropolis
Mark McCarron.
From: Steven F Siirila <sfs(_at_)tc(_dot_)umn(_dot_)edu>
To: Mark McCarron <markmccarron_itt(_at_)hotmail(_dot_)com>
CC: Steve Siirila <sfs(_at_)tc(_dot_)umn(_dot_)edu>, asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] 'GIEIS' - The Fifth Response
Date: Thu, 3 Jul 2003 15:08:20 -0500
On Thu, Jul 03, 2003 at 08:04:23PM +0000, Mark McCarron wrote:
> >
> >On Thu, Jul 03, 2003 at 07:05:56PM +0000, Mark McCarron wrote:
> >>
> >> >> (1) In the short to medium term
> >> >>
> >> >> Devise a method of reasonably reliably identifying bulk spam,
> >> >> UCE or UBE and levying a charge on the senders (via any of
their
> >> >> upstream carriers, financial pain having the properties that
it
> >> >> does) which approaches that of any other method of commercial
> >> >> or non-private bulk message delivery and most of the TECHNICAL
> >> >> NETWORKING problems associated with spam - which are almost
> >> >> entirely due intractable volumes of traffic - would rapidly
> >> >> disappear.
> >> >>
> >> >> Mark's Response:
> >> >>
> >> >> The problem with this suggestion is that spammers are difficult to
> >> >> trace and even when traced there lacks the proper legal frameworks
> >> >> to do much about it.
> >> >
> >> >
> >> >Spammers are only difficult to trace because there has been, until
> >> >recently, little incentive to trace them and no sanctions placed
> >> >on any injection points (which certainly can do most of the
> >> >necessary tracing if well configured) for failure to do so.
> >>
> >>
> >> Mark's Response:
> >>
> >> No. The Internet crosses many legal boundries across the planet.
With
> >> anonymous connections such as those by proxy (SOCKS, HTTP, etc) and
> >those
> >> by extensive proxy chains, simply back-tracing a tranmission is a
legal
> >> nightmare. Imagine attempting to get server logs from 40 or 50
> >different
> >> countries and then not even being guarenteed that the culprit is
still
> >> there at the end of it all. 'GIEIS' would eliminate the need for all
of
> >> this.
> >
> >So would simply requiring reverse DNS as well as a record indicating
> >whether
> >or not an IP address has been designated as an MTA. This would make
all of
> >the open proxies, hacked desktops, and dynamic IP ranges unable to send
> >mail
> >directly to a site's MX server, forcing them to use an ISP's SMTP
gateway.
> >What you would have left is legitimate MTAs (some of which may be open
> >relays).
> >This is essentially where we are headed at our site by putting these
sorts
> >of
> >things into place gradually.
> >--
>
>
> Marl's Response:
>
> I am afraid that would not work. Spammers would just use lists of
> resolvable domain names. Also, some form of centralisation would be
> required to maintain the list you describe. Another problem would arise
> from sending authorisation requests cleartext over the Internet, these
> could be intercepted and responded to allowing spammers access. This is
> exactly what 'GIEIS' architecture eliminates completely.
The centralization you refer to is easily accomplished via DNS records.
"Authorization" is accomplished via simple DNS lookups much the same as
we currently use DNSbl lists already today.
--
Mark's Response:
I think you are missing the point that it can be very easily bypassed. Its
not secure like 'GIEIS'.
Steven F. Siirila Office: Lind Hall, Room 130B
Internet Services E-mail: sfs(_at_)umn(_dot_)edu
Office of Information Technology Voice: (612) 626-0244
University of Minnesota
_________________________________________________________________
Sign-up for a FREE BT Broadband connection today!
http://www.msn.co.uk/specials/btbroadband
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg