ietf-asrg
[Top] [All Lists]

RE: [Asrg] 6. Proposals - DNS-based - News Article

2003-10-27 07:49:25
CNET News.com has posted a news article about the reconciliation effort
of different RMX protocols:

http://news.com.com/2100-1038_3-5096820.html


I hope it's an inaccurate report and that this is a misquotation:-

"Once you have reputation systems that work on the basis of domains, which
spammers cannot forge, then no matter how many machines you hack into, you
still have to use the spammer's domain," Wong said. "And that's how we'll
get you."

So far as I can see, once you've hacked into a machine and maybe taken it
over with your nasty little trojan, you can send email from that machine's
domain to your heart's content; so what's this "you still have to use the
spammer's domain" stuff?

I'm even more worried about the quoted claim that there's no need for
legislation, reputation systems will do it all for us, in case legislators
in some jurisdictions are stupid enough to believe it.  As long as it costs
peanuts to set up a new domain (and only few more peanuts to set up a small
ISP) either the reputation system is worthless against spammers or it's just
a big a barrier to legitimate new entrants to the internet as it is to
spammers. An authentication system can either wait for long enough for a
domain or an ISP to develop a bad reputation and allow masses of spam
through from new domains and ISPs in the meantime, or treat alll new ISPs
and domains as having a bad reputation and destroy the usefulness of new
domains and ISPs - making the internet effrectively a monopoly of current
players; I'm not suficiently cynical to suggest that the reason for this
suggestion is that some of the subcommittee are current players who are
seing big dollar signs, but I sure will suggest that they are not living in
the real world if the really said that and it's not an artifact of
misreporting.  Combining authentication with legislation which provides
suitable penalties would close that hole - and I don't see another way of
closing it.

Tom Thomson


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>