ietf-asrg

Re: [Asrg] Re: 6. Proposals: MTA MARK

2003-12-09 03:59:23
On 12/09/2003 6:45 PM, Matthew Elvey said:

----- Original Message ----- 
From: "Matthew Elvey" <matthew(_at_)elvey(_dot_)com>
To: "Tomi Panula-Ontto" <tomi(_at_)panula-ont(_dot_)to>
Sent: Saturday, December 06, 2003 6:45 PM
Subject: Re: [Asrg] Re: 6. Proposals: MTA MARK


On 12/1/2003 6:56 AM, Tomi Panula-Ontto sent forth electrons to convey:

On 11/30/2003 1:00 AM, Matthew Elvey said:

[cut]
Well, for one thing, I fear people like me (one static DSL IP on SBC) or
using dyndns on a dynamic IP are unlikely to be able to convince their
ISPs to put such entries in DNS.

If that's the case, I suggest you change to a more responsible ISP.
I don't think we are doing very good work, if we just leave the
ISPs out. ["They are bad people anyway and yeah, they let their
customers spam all day long" - not in my experience]

IMHO, people using dynamic IPs should not be allowed to run
(trusted) smtp servers anyway. Why so? According to some recent
studies one third of the spam is generated in some compromised
home computers [Exact wording may differ].
People behind dynamic IPs should either use some SMTP AUTH
relay service (like www.asmtp.com) or use the mail server provided
by their ISP. They should not be allowed to take direct contact to
any SMTP server in the world. But hey, that's me, you don't have
to agree.


Not that I recall.  These protocols only become 'mandatory' if they
catch on and become broadly used. The IETF has no power to force people
to follow their rules.

I'm aware of that. IETF is here to public and open discussions of the
means (protocols, etc) to do the job.

IETF is just one step. Discuss and design the protocol.
Other people will implement it (if they feel it's worth implementing).
Other people will use it (if it's worth using).

MTAmark has less of a chance to catch on than LMTP, because it provides
a smaller incentive to adoption, as I've explained in a previous post.
If your domain is being forged, you're highly likely to adopt LMTP.  If
an ISP's IPs are being used to spam, they may well not adopt MTAmark.
I'm not against MTAmark; I think LMTP should be a higher priority.

Let's just clear out one thing. When you say LMTP, do you actually mean
LMAP?
(http://asrg.kavi.com/apps/group_public/download.php/15/draft-irtf-asrg-lmap-discussion-00.txt)

LMAP is based on two concepts: publication of policy by a domain, and
application of that policy by a recipient MTA.

I fear that LMAP doesn't address the problem. Why so?
Who can prevent spammers from stealing credit cards and
registering thousands of domains to use in their spamming
business?

See LMAP discussion paper [5.1.4]

"
Spammers may bypass this scheme through a number of methods, such as:
- Claiming association with a domain not implementing LMAP
- Claiming association with a domain implementing LMAP, but
which has a policy stating anyone can claim such association.
- "Hijacking" systems or MTAs within a domain to send spam.
- DNS poisoning, to force particular LMAP information on an MTA
- Registering domains, and implement LMAP.

Recipients can use methods other than LMAP to defend against such
attacks.  These methods may include whitelists, blacklists, greylists
[ref], and content filtering.  There is no requirement that LMAP be
the only source of information for implementing site policy.
"

ReverseMX or MTAMark are simply distributed whitelists
managed by the network owners (ISPs). Even though I think
in my humble mind that ISPs should be forced to adopt
such policy, there is no way to do that, until the protocol
is well functioning and easily adoptable by the organizations.

If we ever finish the "protocol" and get working implementations,
then maybe we can get some acceptance and perhaps even
widespread usage to it.

If we ever reach that point, then it's time to start discussions with
IANA, RIPE, ARIN, APNIC, etc. to enforce the rule.

Should, should....  The ones that will are the ones that terminate their
spamming customers.  I don't see MTAmark providing any incentive for
ISPs to be more responsible than they are now.

Well, if that's the case then I'm sure the ISPs are happy to sell
their massmailers err.. MTAs for spammers.

I think Eric Raymond explained why a try everything and see what sticks
plan isn't ideal.  It dilutes resources.

So we should go and try LMAP and see them exploit it in
a matter of days, right?

And whose resources?

I don't know how spammers operate, but they really seem quite
professional at it, since whenever I have added new RBL
sources to my blacklisting MTA the amount of spam is reduced
only for a few days or perhaps weeks. Pretty soon, they are able
to reroute the whole damn thing and we are back on the same level
we started from.

And they are doing the very same thing in message headers,
the message itself. They are trying to keep ahead of the spam
prevention and they're really doing a pretty good job there.
They get their living out of it.

Do you really think they would not do it for LMAP? Or any
other means? Of course they will. As long as they can.
If there are easy, and relatively cheap ways to circumvent
a problem, then they'll do it.



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
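
Added example, not part of the original thread or of the LMAP draft: a recipient-side sketch of the check described in the quoted section 5.1.4, showing which of the listed cases a sender-authorization lookup alone accepts and how a local blacklist changes the outcome. The policy table format, the domain names and the addresses are constructed for illustration (a real deployment would read policy from DNS), and DNS poisoning is not modelled.

```python
import ipaddress

# Constructed stand-in for DNS-published policy (hypothetical format):
# claimed domain -> networks allowed to send for it; "ANY" = open policy.
POLICIES = {
    "example.org": ["192.0.2.0/24"],
    "open.example": ["ANY"],
    "throwaway.example": ["198.51.100.0/24"],  # domain registered by the sender
}

# Constructed local blacklist of known-abusive addresses.
BLACKLIST = {
    ipaddress.ip_address("198.51.100.7"),
    ipaddress.ip_address("192.0.2.66"),  # compromised host inside example.org
}


def lmap_check(domain, client_ip):
    """Return 'pass', 'fail' or 'unknown' for a claimed domain and client IP."""
    nets = POLICIES.get(domain.lower())
    if nets is None:
        return "unknown"  # domain publishes no policy: nothing to enforce
    ip = ipaddress.ip_address(client_ip)
    for net in nets:
        if net == "ANY" or ip in ipaddress.ip_network(net):
            return "pass"
    return "fail"


def site_policy(domain, client_ip):
    """Combine the authorization result with the local blacklist."""
    if ipaddress.ip_address(client_ip) in BLACKLIST:
        return "reject"
    verdict = lmap_check(domain, client_ip)
    # 'unknown' is handed to other filters rather than trusted or refused.
    return {"pass": "accept", "fail": "reject", "unknown": "filter"}[verdict]


if __name__ == "__main__":
    cases = [
        ("example.org", "203.0.113.5"),       # forged domain, outside its networks
        ("nolmap.example", "203.0.113.5"),    # domain not implementing the scheme
        ("open.example", "203.0.113.5"),      # policy lets anyone claim the domain
        ("throwaway.example", "198.51.100.7"),  # self-registered domain
        ("example.org", "192.0.2.66"),        # hijacked system within the domain
    ]
    for domain, ip in cases:
        print(domain, ip, lmap_check(domain, ip), site_policy(domain, ip))
```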