ietf-asrg

Re: [Fwd: [Asrg] Re: Documents for LMAP BOF]

2004-02-17 08:17:33
A week ago, Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com> wrote:
> What I find problematic is that there is an existing identity in email -
> IP addresses. If blacklists are made to be more feature rich, possibly
> becoming reputation services, that might help. So I am not sure why
> going to domain identity or sender identity makes a difference.

  IP addresses are short-lived, and machines at an IP are being
hijacked to send spam.  You can't have a blacklist if one IP sends 10
spam in 5 minutes, and then disappears for a week.

> One compelling argument made so far is that IP owners do not care if
> their identity gets stolen, but domain owners and senders do. IF you
> raise the cost for IP owners, they will start to care.

  It has nothing to do with identity.  It has everything to do with
accountability.  Temporary IP addresses are not accountable, and in
many cases, cannot practically be made accountable for the small
amounts of spam they send.  But there are tens of millions of such
systems, resulting in huge volumes of spam.

> My second problem is that there are multiple ways to introduce sender
> identity into email. We should step back for a second, and look at the
> problem from a bird's eye view. If we were to design the email
> system from scratch, how would sender identity be implemented? Would
> spam still exist in such a system?

  Personally, I wouldn't introduce sender identity.  I would introduce
long-term accountability.  I don't care who sent the message, so long
as someone is willing to take the blame when something goes wrong.  If
the accountable party doesn't stick around long enough to be held
accountable, then they're not an accountable party.

  e.g. A whitelist could state "this IP has been an MTA for a year",
and a blacklist could state "this IP sent lots of spam in the past
week".  The combination of the two will mean that most legitimate mail
from the whitelisted IP's will get through to the recipients, but
legitimate email from *non* white-listed IP's may get put into the
"maybe spam: do content filter" bucket.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
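
The whitelist/blacklist combination sketched in the message above, as an added example that is not part of the original post: it shows that an IP which sends a short burst of spam and then vanishes for a week ages out of the blacklist but still never earns the longevity whitelist. The threshold of 5 reports, the "reject" bucket, all names and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

MIN_MTA_AGE = timedelta(days=365)  # "this IP has been an MTA for a year"
SPAM_WINDOW = timedelta(days=7)    # "sent lots of spam in the past week"
SPAM_THRESHOLD = 5                 # assumption: what counts as "lots"


def triage(ip, now, mta_first_seen, spam_reports):
    """Classify a connecting IP as 'deliver', 'content-filter' or 'reject'."""
    first_seen = mta_first_seen.get(ip)
    long_lived = first_seen is not None and now - first_seen >= MIN_MTA_AGE
    # Only reports inside the sliding window count against the IP.
    recent = [t for t in spam_reports.get(ip, ())
              if timedelta(0) <= now - t <= SPAM_WINDOW]
    spammy = len(recent) >= SPAM_THRESHOLD
    if long_lived and not spammy:
        return "deliver"
    if spammy and not long_lived:
        return "reject"          # assumption: the message names no such bucket
    return "content-filter"      # unknown IP, or an established MTA gone bad


def burst(start, count=10, spacing_s=30):
    """Constructed report timestamps: `count` spam reports within ~5 minutes."""
    return [start + timedelta(seconds=spacing_s * i) for i in range(count)]


# Constructed sample data (documentation address ranges, invented timestamps).
NOW = datetime(2004, 2, 17, 8, 0)
MTA_FIRST_SEEN = {
    "192.0.2.10": datetime(2002, 6, 1),      # established MTA
    "203.0.113.5": datetime(2001, 1, 15),    # established MTA
    "198.51.100.99": datetime(2004, 2, 1),   # MTA for about two weeks only
}
SPAM_REPORTS = {
    "198.51.100.7": burst(NOW - timedelta(days=8)),   # burst, then gone a week
    "198.51.100.8": burst(NOW - timedelta(hours=3)),  # same burst, still fresh
    "203.0.113.5": burst(NOW - timedelta(days=2)),    # established MTA, hijacked
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "198.51.100.8",
               "203.0.113.5", "198.51.100.99"):
        print(ip, triage(ip, NOW, MTA_FIRST_SEEN, SPAM_REPORTS))
```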