Perhaps I didn't understand something.
What I meant is that spammers can use a throw-away domain or a temporary
subdomain (say "Mar282004.spamnet.net"), run a DNS server with enough
capacity to authenticate the day's spam-run. To block emails verified by
such a system, one would need to use some blacklisting technology against
Mar282004.spamnet.net or spamnet.net. But if you need a blacklist to enable
this message-body-authenticator technology, where's the value of the 'mba'
technology?
There are many other real-world problems with this - roaming senders,
centralized DNS database vs. decentralized outgoing MTA's, etc.
A system that relies to any extent on the DNS system should take into
account that authoritative slave name-servers cannot perform periodic, but
not necessarily frequent zone-transfers. Thus, there are propagation delays
between the DNS servers of any domain. The DNS system was not designed for
publishing real-time-like information.
Radu.
If MBA works as intended, spammers won't use
it, because by using it, their domains would be promptly recognized and
easily blocked by most mail hosting providers. Assuming MBA is widely
adopted, a picky receiving MTA could choose to only accept mba-authenticated
mails.
Ricardo
----- Original Message -----
From: Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com>
To: Radu Hociung <radu(_dot_)asrg(_at_)ohmi(_dot_)org>
Cc: <spharion(_at_)directnet(_dot_)com(_dot_)br>; <asrg(_at_)ietf(_dot_)org>
Sent: Sunday, March 28, 2004 4:35 PM
Subject: Re: [Asrg] spf
LMAP-related discussions for SPF and other proposals have moved to the
MXCOMP list (http://www.imc.org/ietf-mxcomp/).
Yakov
Radu Hociung wrote:
Unfortunately,
A spammer can just as well set this up. This system does not
discriminate based on the intention or identity of the sender.
Also, I think a good test to any anti-spam proposal is this: Would this
be a sustainable model if it became mainstream?
Your approach relies on a lot of wasted resources at the DNS cache
level; imagine what would happen to Hotmail's caching DNS servers if
they would cache two entries for every 2.5B spam messages they receive
every day?
I didn't like the pop-ups.
I appreciate the effort, though; you may have something, but it needs
more work.
Radu.
--
Radu Hociung
radu(_at_)ohmi(_dot_)org
-----Original Message-----
*From:* asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org] *On Behalf Of* spharion(_at_)directnet(_dot_)com(_dot_)br
*Sent:* Saturday, March 27, 2004 7:10 AM
*To:* asrg(_at_)ietf(_dot_)org
*Subject:* [Asrg] spf
this is a tentative option to spf, but does not seem to break forwarding:
http://nucleo.freeservers.com/mba/
have fun. gone, ricardo.