At 1:18 PM -0400 2003/10/23, David Maxwell wrote:
That's fine, but keep in mind that this has collateral damage
consequences.
It's my choice to accept those consequences - it's _my_ consent
decision.
That's fine -- up until the time where you tell other people that
they should be doing the same thing.
If you want to insert lit explosive devices into your body,
that's one thing. But when you start encouraging other people to do
the same, that's totally different.
That's not an abuse of DRIP. DRIP provides a layer upon which I can add
a white/grey/blacklist by domain. Without DRIP (or RMX, etc), I cannot
whitelist by domain, since spammers can forge spam claiming to be from
one of the domains I whitelist.
They could do that anyway. Remember the previous discussion of
DNS cache poisoning? Even if your servers are immune to cache
poisoning, what are the odds that the advertised nameservers of all
your whitelist domains are also secure?
Many of the viruses forge email source. If they didn't, I could easily
contact the sender and tell them to cleanup their machine.
Just forge the username. Unless you contact the system
administrator at that ISP and get them to match the username against
the IP address at that particular time, you'd never know (that's
assuming they have accurate logs for that time, or that they're
willing to do this for you since you're not a paying customer). Or,
forge the username within any of the other domains which are hosted
by those machines.
Of course, another issue with open caching/recursive servers is
that you can get anyone in the world to effectively host your domain
for you, and combined with wildcards they could appear to be hosts
for virtually all domains on the Internet.
I'm not rejecting the mails in the SMTP phase - so the RFC specs are not
relevant - however, the fact that I cannot implement
white/grey/blacklists leaves content inspection as the only method to
identify spam. That 'guesswork' takes a lot of CPU time, and gives me a
very non-deterministic answer anyway.
You're going to be forced to do that anyway. You're just going
to force the spammers to get that bit more crafty to by-pass your
so-called protection mechanisms.
--
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg