ietf-asrg

Re: [Asrg] 0.General - News Article - NYT Reports Porn Spam Hijacking Network

2003-07-15 05:50:12
mathew <meta(_at_)pobox(_dot_)com> wrote:
> On Friday, July 11, 2003, at 12:46 PM, Alan DeKok wrote:
>> ... this incident can be taken as the start of the end for mobile
>> users of naked, unauthenticated, unverifiable SMTP.  There are other
>> methods by which they can send email, and those methods will help
>> protect against this kind of spam attack, at least.
>
> They will? How?

  By spreading the load of spam detection & filtering.

> If the user's copy of Microsoft Outlook is capable of sending e-mail,
> then it doesn't matter if you authenticate or verify before allowing
> SMTP.

  Who is the "you" in that sentence?

  a) owner of the domain/MTA the sender is claiming to be from
  b) the final recipient

  If by "you", you mean "the recipient", then of course authentication
doesn't help, because the recipient *can't* authenticate the sender.
And why is the recipient responsible for authenticating the identity
of all senders?  Does no one think that's a stupid idea?

  If, on the other hand, the roaming sender authenticates to his home
domain, and uses his home MTA for email, then the home domain now has
the opportunity to be a Good Netizen, and filter out the crap before
spewing it onto the net.  This won't happen all of the time, but it
will happen sometimes.

> It doesn't help a bit, any more than it would help to block SMTP.

  Only if you assume that the recipient is the one doing ALL of the
work of spam detection & filtering, and that no one else on the
network does anything.

  Spam filtering on outbound messages is perfectly permissible in many
cases, and legally required in many.  Do you really think that it's
legally acceptable for businesses to allow their employees to send
(whatever illegal content) to each other, or to people outside of the
company?

> As long as the machine can be used to send e-mail, and can easily be
> compromised (i.e. is running Windows), it can be used to send spam.

  Nonsense.  It can be used to *try* to send spam, but there's no
guarantee that the recipient will be bothered by those attempts, or
even know about them.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg