ietf-asrg
[Top] [All Lists]

RE: [Asrg] 6. Proposals - DNS-Based - LMAP]

2004-03-30 16:42:26
What I could do which might help move us forward is to write a whitepaper
that has a table that lists the various incremental types of authentication
and accreditation that are possible in this space, the advantages and costs
associated with each.



-----Original Message-----
From: Fridrik Skulason [mailto:frisk(_at_)f-prot(_dot_)com]
Sent: Thursday, November 13, 2003 4:58 AM
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] 6. Proposals - DNS-Based - LMAP]


The answer is that it will eliminate the worst types of 
spam, impersonation
spam.

One point to consider: Anything that will eliminate 
impersonation spam will
also have a drastic effect on computer worms.  It might be 
easier to push
a solution that will not only help with one problem (spam) but another
(worms) as well.  It will not eliminate either problem of 
course, but it
will help with both.

The reason this would work against worms is as follows: Many worms use
the same methods as spamming software to forge the sender's identity,
making it sometimes look to the recipient as if the sender is someone
he already knows, this making it more likely he will believe 
the message
and open/execute the attachment, activating the worm.

The "worst" mail-borne worm incident was without any doubt the one
involving W32/Sobig(_dot_)F(_at_)mm(_dot_)  That problem got "solved" on its 
own, because the
author included code to make the worm turn itself off globally on a 
specific date.

What if the next worm author is not equally "considerate"?

If the worm would not have been able to forge the identity of 
the sender,
one can assume that fewer people would have fallen for it and fewer
machines been infected and the problem would not have been as bad.

Therefore my suggestion is that anyone arguing for the implementation
of LMAP should not only point out the benefit with regard to spam, but
also the beneficial effects regarding worms.  This might for example
make it easier to convince companies like Microsoft to endorse the
proposal.

--
Fridrik Skulason   Frisk Software International   phone: +354-540-7400
Author of F-PROT   E-mail: frisk(_at_)f-prot(_dot_)com       fax:   
+354-540-7401

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>
  • RE: [Asrg] 6. Proposals - DNS-Based - LMAP], Hallam-Baker, Phillip <=