
Re: 3. Requirements - Anonimity (was Re: FW: [Asrg] 0. General)

2003-10-27 13:33:35
At 1:45 PM -0500 2003/10/27, Jonathan A. Zdziarski wrote:

 Some spammers are now digitally signing their
 messages to appear authentic (some signatures are obviously bogus)...but
 should we have an authenticated system of SMTP, that will not affect the
 filter's basic premise that it is the _content_ of the message that
 makes it guilty, not the sender.  In other words, even if everyone was
 using an authenticated version of SMTP, it would not suggest that the
 filter should "trust" the sender/message.

        Thank you!

It doesn't matter whether they're using open proxies, trojaned machines, stolen accounts, accounts obtained under false pretenses (e.g., with fake credit cards), or any other technique currently known today or not; there is an increasingly large number of spammers who are perfectly willing to use "authenticated" methods to transmit their spam.

Even if we forced everyone in the universe to send e-mail using only the authorized outbound mail relays from their provider, using only the authorized domains owned by their provider, we would not stop this onslaught. Moreover, I don't think we'd even slow it down very much.

Providers would tend to turn a blind eye to this sort of thing because they don't want to build the kind of mail system infrastructure that could deal with those loads, and they don't have the wherewithal to build an individual user authentication method that could reliably tell the difference between legitimate and illegitimate uses of the mail system -- if your machine is trojaned and using your MUA of choice to send out e-mail through your designated outbound mail relays, how is the provider going to tell the difference between that illegitimate use and your real-world outbound messages?

Are we going to ask them to filter all the mail through the Chinese gov't or the NSA, so that we can get back an "authoritative" answer as to whether or not this message is okay? If not, how can any one ISP hope to put together the kind of resources it would take to make those kinds of determinations based on client patterns, and which could notice "abnormal" behaviour (i.e., six-sigma differences)? And if they did, why shouldn't we expect spammers to use a "slow start" mechanism that would fly under the radar? And if slow start wasn't enough, what if the patterns would only show themselves when data is collected across all ISPs? Shall we have all e-mail messages and log data transmitted in real-time to the Department of Homeland Security, the Mossad, or maybe Jemaah Islamiyah?

The worst part of it is, that as we throw out one piece of the baby with the bathwater at a time, soon enough there won't be any baby left. Even if it's just one blood cell at a time, if you do it enough, the result is that there is nothing left. This is the reverse of the "one bite of the apple" proposal that DMA spokesperson Patricia Faley told CNN, and which is debunked at <>. This time, we'd be doing it to ourselves, while not stopping (or even significantly slowing) the spammers.

I refer you to the quote in my .sig. The people proposing these non-crypto-based "authentication" mechanisms are suggesting that we each give up essential e-mail liberties one by one for very little temporary safety that will have no positive impact in the long run.

        We need totally different kinds of solutions to this problem.

For one, if you're going to do authentication, don't bother trying to do anything through the DNS -- that's a thermo-nuclear minefield just waiting to happen as it is. Unless you are Cricket Liu, Paul Vixie, or some other DNS luminary who could write their own book on DNS Security [*], then you are not qualified to judge the risks of this approach. If you're going to do authentication, then do it right -- using a secure protocol with cryptographic techniques at the core.

Secondly, if you insist on going down this path despite all warnings to the contrary, don't be silly and insist that this is something that can be done in a binary manner -- that might work in an ideal world, but this has never been an ideal world. Instead, use this information as just one input to an overall scoring system that can take many factors into consideration, and then try to come to a more intelligent decision based on all the available data.

[*]  If you have already done so, or are in the process, I want to talk to you.

Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
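An added illustration of the point made at the end of the message above (example code, not from the original post or the ASRG thread): sender authentication treated as one weighted input to a scoring decision, contrasted with a binary "trust authenticated senders" gate that an authenticated spammer walks straight through. Weights, thresholds, spam terms and sample messages are constructed assumptions.

```python
# Added example: authentication as one scoring factor, not a binary gate.
# Weights, thresholds and term list are illustrative assumptions.
from dataclasses import dataclass


@dataclass
class Message:
    sender_authenticated: bool   # outcome of whatever SMTP/crypto auth check ran
    body: str
    urls: int = 0                # number of links in the body


# Constructed content heuristics, purely illustrative.
SPAM_TERMS = ("free", "winner", "click here", "limited offer", "act now")

# Illustrative weights: positive pushes toward "spam".
W_AUTH_OK = -1.0       # authentication is a weak hint in the sender's favour, not a pass
W_AUTH_FAIL = 1.0
W_SPAM_TERM = 1.5
W_URL = 0.5
REJECT_AT = 5.0
QUARANTINE_AT = 3.0


def content_score(msg: Message) -> float:
    """Score the message on its content alone; the sender plays no part here."""
    text = msg.body.lower()
    hits = sum(1 for term in SPAM_TERMS if term in text)
    return W_SPAM_TERM * hits + W_URL * msg.urls


def binary_gate(msg: Message) -> str:
    """The approach argued against: authenticated senders are trusted outright."""
    return "deliver" if msg.sender_authenticated else "reject"


def scored_verdict(msg: Message) -> tuple:
    """Authentication shifts the score slightly; content still decides guilt."""
    auth = W_AUTH_OK if msg.sender_authenticated else W_AUTH_FAIL
    score = content_score(msg) + auth
    if score >= REJECT_AT:
        return "reject", score
    if score >= QUARANTINE_AT:
        return "quarantine", score
    return "deliver", score


# Constructed sample messages.
AUTHENTICATED_SPAM = Message(True, "You are a WINNER! Click here for a free limited offer, act now", urls=4)
UNAUTH_LEGIT = Message(False, "Minutes from Monday's meeting are attached.", urls=0)
BORDERLINE = Message(False, "Free tickets for the winner of the raffle", urls=1)
```

Run against the samples, the gate delivers the authenticated spam and rejects the legitimate unauthenticated mail, while the scored verdict rejects the spam, delivers the legitimate message and quarantines the borderline one.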

Asrg mailing list
