Re: 3. Requirements - Anonimity (was Re: FW: [Asrg] 0. General)
2003-10-27 13:33:35
At 1:45 PM -0500 2003/10/27, Jonathan A. Zdziarski wrote:
> Some spammers are now digitally signing their
> messages to appear authentic (some signatures are obviously bogus)...but
> should we have an authenticated system of SMTP, that will not affect the
> filter's basic premise that it is the _content_ of the message that
> makes it guilty, not the sender. In other words, even if everyone was
> using an authenticated version of SMTP, it would not suggest that the
> filter should "trust" the sender/message.
Thank you!
It doesn't matter whether they're using open proxies, trojaned
machines, stolen accounts, accounts obtained under false pretenses
(e.g., with fake credit cards), or any other technique currently
known today or not, there is an increasingly large number of spammers
who are perfectly willing to use "authenticated" methods to transmit
their spam.
Even if we forced everyone in the universe to send e-mail using
only the authorized outbound mail relays from their provider, using
only the authorized domains owned by their provider, we would not
stop this onslaught. Moreover, I don't think we'd even slow it down
very much.
Providers would tend to turn a blind eye to this sort of thing
because they don't want to build the kind of mail system
infrastructure that could deal with those loads, and they don't have
the wherewithal to build an individual user authentication method
that could reliably tell the difference between legitimate and
illegitimate uses of the mail system -- if your machine is trojaned
and using your MUA of choice to send out e-mail through your
designated outbound mail relays, how is the provider going to tell
the difference between that illegitimate use and your real-world
outbound messages?
Are we going to ask them to filter all the mail through the
Chinese gov't or the NSA, so that we can get back an "authoritative"
answer as to whether or not this message is okay? If not, how can
any one ISP hope to put together the kind of resources it would take
to make those kinds of determinations based on client patterns, and
which could notice "abnormal" behaviour (i.e., six-sigma
differences)? And if they did, why shouldn't we expect spammers to
use a "slow start" mechanism that would fly under the radar? And if
slow start wasn't enough, what if the patterns would only show
themselves when data is collected across all ISPs? Shall we have all
e-mail messages and log data transmitted in real-time to the
Department of Homeland Security, the Mossad, or maybe Jemaah
Islamiyah?
The worst part of it is, that as we throw out one piece of the
baby with the bathwater at a time, soon enough there won't be any
baby left. Even if it's just one blood cell at a time, if you do it
enough, the result is that there is nothing left. This is the
reverse of the "one bite of the apple" proposal that DMA spokesperson
Patricia Faley told CNN, and which is debunked at
<http://www.cauce.org/pressreleases/math.shtml>. This time, we'd be
doing it to ourselves, while not stopping (or even significantly
slowing) the spammers.
I refer you to the quote in my .sig. The people proposing these
non-crypto based "authentication" mechanisms are suggesting that we
each give up essential e-mail liberties one by one for very little
temporary safety that will have no positive impact in the long run.
We need totally different kinds of solutions to this problem.
For one, if you're going to do authentication, don't bother
trying to do anything through the DNS -- That's a thermo-nuclear
minefield just waiting to happen as it is. Unless you are Cricket
Liu, Paul Vixie, or some other DNS luminary that could write their
own book on DNS Security [*], then you are not qualified to judge the
risks of this approach. If you're going to do authentication, then
do it right -- using a secure protocol with cryptographic techniques
at the core.
Secondly, if you insist on going down this path despite all
warnings to the contrary, don't be silly and insist that this is
something that can be done in a binary manner -- that might work in
an ideal world, but this has never been an ideal world. Instead, use
this information as just one input to an overall scoring system that
can take many factors into consideration, and then try to come to a
more intelligent decision based on all the available data.
[*] If you have already done so, or are in the process, I want to talk to you.
--
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
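The "one input to an overall scoring system" point above, as an added example that is not part of Brad Knowles's mail or of any ASRG work: sender authentication is folded into a weighted score alongside content rules, so a "pass" result nudges the score but cannot override what the content says. The `auth_result` labels, the rule list and every weight are constructed for illustration and are not taken from the thread.

```python
"""Added example: authentication as one bounded input to a spam score.

All rules, weights and sample messages are constructed for illustration.
"""
import re
from dataclasses import dataclass


@dataclass
class Message:
    sender_domain: str
    auth_result: str   # constructed labels: "pass", "fail" or "none"
    subject: str
    body: str


# Constructed content rules: (name, pattern, weight). Each rule fires at
# most once per message, so a single phrase cannot dominate the score.
CONTENT_RULES = [
    ("free",        re.compile(r"\bfree\b", re.I), 1.0),
    ("money",       re.compile(r"\$\d"),            1.0),
    ("click_here",  re.compile(r"click here", re.I), 1.5),
    ("unsubscribe", re.compile(r"unsubscribe", re.I), 0.5),
    ("shouting",    re.compile(r"[A-Z]{5,}"),       0.5),
]

# Constructed authentication weights. A pass is worth only a small
# credit; a failure counts against the message; no result is neutral.
# The credit is deliberately smaller than any single strong content hit.
AUTH_WEIGHT = {"pass": -0.5, "none": 0.0, "fail": 1.5}

SPAM_THRESHOLD = 3.0   # constructed decision threshold


def content_hits(msg: Message) -> list[tuple[str, float]]:
    """Return the (rule name, weight) pairs that fire on subject + body."""
    text = f"{msg.subject}\n{msg.body}"
    return [(name, w) for name, pat, w in CONTENT_RULES if pat.search(text)]


def content_score(msg: Message) -> float:
    return sum(w for _, w in content_hits(msg))


def auth_score(msg: Message) -> float:
    # Unknown labels are treated as "none" rather than trusted.
    return AUTH_WEIGHT.get(msg.auth_result, 0.0)


def total_score(msg: Message) -> float:
    """Authentication is just one more term in the sum."""
    return content_score(msg) + auth_score(msg)


def classify(msg: Message, threshold: float = SPAM_THRESHOLD) -> str:
    return "spam" if total_score(msg) >= threshold else "ham"


def explain(msg: Message) -> list[tuple[str, float]]:
    """Every contribution, so a decision can be audited after the fact."""
    return content_hits(msg) + [("auth:" + msg.auth_result, auth_score(msg))]


# Constructed sample messages.
SIGNED_SPAM = Message(
    "example.test", "pass",
    "FREE OFFER!!! Click here",
    "Get $100 now, click here. To unsubscribe, reply.",
)
SIGNED_HAM = Message(
    "example.test", "pass",
    "Meeting notes",
    "Attached are the notes from Monday.",
)
UNAUTH_HAM = Message(
    "example.test", "none",
    "Re: lunch",
    "Free at noon?",
)
FAILED_SPAM = Message(
    "example.test", "fail",
    "Credit",
    "Click here for $5 credit",
)

if __name__ == "__main__":
    for m in (SIGNED_SPAM, SIGNED_HAM, UNAUTH_HAM, FAILED_SPAM):
        print(f"{m.subject!r:28} auth={m.auth_result:5} "
              f"score={total_score(m):4.1f} -> {classify(m)}  {explain(m)}")
```

The signed spam message still crosses the threshold because its content carries the weight; the authentication credit only lowers the score by a bounded amount. `explain()` keeps each term visible so that a misclassification can be traced to the rule or the authentication result that caused it rather than to an opaque "trusted sender" flag.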