ietf-asrg
[Top] [All Lists]

Re: [Asrg] Re: 6. Proposals - Pull System (revisited)

2003-11-30 13:18:30
Dag Kihlman wrote:
[snip]
Since the sender never can be 100% verified in a push system I suggest a
pull system where the sending server is always 100% verified. It is not
authenticated, it is not certified, it is not blessed by the pope but if the
mail body is not on that server the spammer is really really stupid.

This '100% verification you're offering is the same that we get today: we know what IP address is connecting to us.

On top of this 100% verification of the sending server you can add
blacklists, whitelists, classifications. Probably people will blacklist like
mad but that is really up to the individual. ICQ is a system where the user
can blacklist everyone else but the persons on the contactlist. This does
not mean ICQ does not work. It works splendidly. People are able to
communicate and maintain a blacklist at the same time. They can do it and
they will do it better than automated servers.

We can do black/white/category lists by connecting IP with the current system. What are MAPS, SPEWS, ORBS, DSBL, DUL, etc? As a side note, ICQ is normally an opt-in whitelist, which is something quite extraordinary for MTAs outside a single organization.

Sure you can have blacklists in push as well, but allowing spammers to push
is really making them a service: they are able to hit and run leaving
virtually no trace on the hacked machine. In my system I will see if
spammers or viruses are using my credentials to send mail and I am able to
stop them. If my ISP has not blocked the ports to a pull server on my
machine some blacklists will discover that a lot of spam is comming from my
ISP and block everything from the ISP. Sure this is causing damage but to
quote Rambo: they made first blood! ;-)

Again, if you create blacklists of pull servers, spammers can still use them to look up vulnerable hosts, and those hosts are just as useful as they are now, because not many people actually use IP-based blacklists as blacklists. With the LMAP proposal, you will not have to see spammers or viruses using your credentials, because it will be completely impossible! And citing Rambo for support in a serious discussion is probably about as helpful to your cause as citing Hitler.

Philip Miller


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg