ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] 'GIEIS' - The Fifth Response

2003-07-04 17:15:48
from [Steven F Siirila] [Permanent Link] 
On Fri, Jul 04, 2003 at 08:45:47PM +0000, Mark McCarron wrote:


So would simply requiring reverse DNS as well as a record indicating
whether
or not an IP address has been designated as an MTA.  This would make 

all of

the open proxies, hacked desktops, and dynamic IP ranges unable to send
mail
directly to a site's MX server, forcing them to use an ISP's SMTP 

gateway.

What you would have left is legitimate MTAs (some of which may be open
relays).
This is essentially where we are headed at our site by putting these 

sorts

of
things into place gradually.
--



Marl's Response:

I am afraid that would not work.  Spammers would just use lists of
resolvable domain names.  Also, some form of centralisation would be
required to maintain the list you describe.  Another problem would arise
from sending authorisation requests cleartext over the Internet, these
could be intercepted and responded to allowing spammers access.  This is
exactly what 'GIEIS' architecture eliminates completely.


The centralization you refer to is easily accomplished via DNS records.
"Authorization" is accomplished via simple DNS lookups much the same as
we currently use DNSbl lists already today.
--



Mark's Response:

I'm afraid that is not a secure method.  Firstly, I can alter the haeder of 
email messages to reflect any domain.  You could quite happily look me up 
in all the DNS records you liked and I would be authorised every time.  
Also, communications between servers is an insecure element in this 
structure.  This can be intercepted an modified at run-time, thus allowing 
access.  Only 'GIEIS' secures against these methods, spoofing is impossible.


You apparently have no clue about what I've been talking about, instead
choosing to promote your product.  Of course headers are forgeable.
Never once did I talk about headers.  I believe others on this list know
exactly what I'm talking about, so there is no point to continuing this
thread any further.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Two ways to look at spam, Walter Dnes
Next by Date:  Re: [Asrg] Two ways to look at spam, Bruce Stephens
Previous by Thread:  Re: [Asrg] 'GIEIS' - The Fifth Response, Mark McCarron
Next by Thread:  Re: [Asrg] 'GIEIS' - The Fifth Response, Mark McCarron
Indexes:  [Date] [Thread] [Top] [All Lists]