
RE: [Asrg] 6. Proposals - DNS-Based - LMAP]

2003-11-13 08:25:35

Phillip also gave a relevant presentation at the ASRG meeting in March:
http://www.ietf.org/proceedings/03mar/slides/asrg-7/index.html


-----Original Message-----
From: Yakov Shafranovich [mailto:research(_at_)solidmatrix(_dot_)com] 
Sent: Thursday, November 13, 2003 10:05 AM
To: Hallam-Baker, Phillip
Cc: 'Fridrik Skulason'; asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] 6. Proposals - DNS-Based - LMAP]


Hi,

The following has some relevant information to this topic:

http://www.elan.net/~william/asrg-emailpathverification-presentation.pdf

Hallam-Baker, Phillip wrote:
What I could do which might help move us forward is to write a
whitepaper that has a table that lists the various incremental types
of authentication and accreditation that are possible in this space,
the advantages and costs associated with each.




-----Original Message-----
From: Fridrik Skulason [mailto:frisk(_at_)f-prot(_dot_)com]
Sent: Thursday, November 13, 2003 4:58 AM
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] 6. Proposals - DNS-Based - LMAP]



The answer is that it will eliminate the worst types of spam,
impersonation spam.

One point to consider: Anything that will eliminate impersonation spam
will also have a drastic effect on computer worms.  It might be easier
to push a solution that will not only help with one problem (spam) but
another (worms) as well.  It will not eliminate either problem of
course, but it will help with both.

The reason this would work against worms is as follows: Many worms use
the same methods as spamming software to forge the sender's identity,
making it sometimes look to the recipient as if the sender is someone
he already knows, this making it more likely he will believe the
message and open/execute the attachment, activating the worm.

The "worst" mail-borne worm incident was without any doubt the one
involving W32/Sobig.F@mm.  That problem got "solved" on its own,
because the author included code to make the worm turn itself off
globally on a specific date.

What if the next worm author is not equally "considerate"?

If the worm would not have been able to forge the identity of the
sender, one can assume that fewer people would have fallen for it and
fewer machines been infected and the problem would not have been as bad.

Therefore my suggestion is that anyone arguing for the implementation
of LMAP should not only point out the benefit with regard to spam, but
also the beneficial effects regarding worms.  This might for example
make it easier to convince companies like Microsoft to endorse the
proposal.

--
Fridrik Skulason   Frisk Software International   phone: +354-540-7400
Author of F-PROT   E-mail: frisk(_at_)f-prot(_dot_)com       fax:   +354-540-7401



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg




