At 11:49 PM +0200 2003/10/02, Dag Kihlman wrote:
It is true you do not need a pull system to have a blacklist
but since the IP address must be valid a longer time the blacklist works
best together with a pull system.
The same can be said for existing use of greylisting plus an
enforced delay before you will accept the message, in combination
with black lists and message content reporting systems.
You offer no advantages here, for all the extra costs you would
I agree fully when you say that some pull servers will be attractiv to hack.
In a pull system the best way to avoid blacklists is to hack pull servers.
With SMTP you do not have to do it, it is a complete waste of time. That is
why I suggested encryption. If the mails are encrypted and the key trown
away there will be no point in hacking the pull server. After "decryption"
the mails will be unreadable. :-)
It is sufficiently difficult to properly implement cryptographic
message signing, much less message encryption. Moreover, the
existing systems implement this sort of thing where the spare CPU is
most available -- on the client. You would be increasing by untold
orders of magnitude the amount of message encryption that would be
required (above what is happening today), and you would be doing it
centrally -- the one place in the architecture that has the biggest
CPU crunch already.
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
Asrg mailing list