ietf-asrg
[Top] [All Lists]

Re: [Asrg] Re: 6. Proposals: LMTP proposals]

2003-12-01 05:12:21
Fridrik Skulason wrote:
LMAP is supposed to be checking the IP of the connected client against DNS. Unless they can forge a TCP connection with the MTA without seeing any of the traffic, they can't pull that off with LMAP going. Now, if they were actually fastmail.fm users, that would be another story. In particular, I think dealing with that falls under the umbrella of 'local policy'.


LMAP will never eliminate all cases of forgery - which actually has a
rather nasty side-effect.  Think of it as the "survival of the fittest"
in action.  If something like LMAP was universally adopted, any spam
mechanism not affected by it would be "encouraged", so to speak.

So, which cases would not be affected by LMAP?  Now, in addition
to all the "non-forged" methods (disposable accounts, rogue ISPs and so
on) there is the following:

   A spammer gains access to a compromised computer, and determines
   the mail address of the owner of the machine.  The spam is then
   sent out in the name of the owner of the machine, just as if
the real owner was actually pressing the keys.
In other words, widespread implementation of LMAP (which would be a good
thing) would lead to more compromised machines (which would be a bad thing) ;-)


In the case you cite, the recipients gain two advantages over the current situation: they have soemone to hold accountable, and that someone has an interest in cooperating.

--
Philip Miller


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>