ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] MTA Trust Management / Authentication, Zombie Prevention and Virus & SPAM Prevention

2004-05-17 00:11:36
from [Joshua Leisk] [Permanent Link] 
"We" is yet to be decided - that why this why this is a group effort... we
want ideas here, which is why I am posting mine.
"Who' need not be the same body as "We" - there could be a 3rd party
'Enforcement Agency', or many - the reporting is a separate function.. we
already have multiple blacklists, from multiple providers... no reason why
that can't continue, just in a different format.

Single authority? - This is somewhat similar to the DNS and WHOIS.. add your
thoughts..

COST - 
This is important - this is a 'bring a friend' arrangement - if your mail
server can be vouched for by others, there is no bond... In reality I would
prefer no bond at all and only have a 'circle of trust' that expands
outwards... but you need to allow for net.newbies.. 

Ongoing arrangements require identification checks, which incur time and
cost. Domain name registration costs, so what's the big deal paying for a
mail server while you're at it? Capitalism at its best. Work out what spam
and viruses cost you every year  - more than a yearly registration.


Joshua Leisk
http://www.intechcomm.net.au


-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org] On 
Behalf Of Seth
Breidbart
Sent: Monday, 17 May 2004 3:05 PM
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] MTA Trust Management / Authentication, Zombie Prevention
and Virus & SPAM Prevention

"Joshua Leisk" <nospam(_at_)intechcomm(_dot_)net(_dot_)au> wrote:


I propose that we need to construct a global registry of certified


Who is "we"?  Who certifies?  Why should I trust them?


closed-relay, 'spoof'-proof email servers, married to the verified details
of the server's owner,


Who verifies?  How much does this cost?


 who are possibly placed under a financial security
bond, depending on the age of the domain name and previous history,


Why should somebody have to pay to send email?  Who holds the bond?
Who determines when it gets forfeited?  To whom does it get forfeited?


to operate it SPAM-free and then prevent all 'registered' email
servers from receiving email from any 'unregistered' email server


Nobody gets to prevent my server from doing what I want.  My toys, my
rules.


The exquisite beauty of this system is that the onus is no longer on
the recipient to deal with the SPAM or viruses, but the sender to
prove that it is NOT SPAM or a virus.


Why should I have to prove it to _your authority_?


As an email virus could never be a registered SMTP mail server,


Why not?


Financial accountability is required to enforce compliance with
anti-SPAM regulations. If the registration of a new mail server, for
which the domain name is less than 12 months old and if the new mail
server owner was not able to be 'sponsored' or vouched for by a
number of 'trusted' registered mail servers, required the new owner
to supply a security bond of (suggested) US$2500+,


No.

I ain't gonna pay.  Deal with it.

Feel free to reject my email, of course; it's up to your users if
they'd rather get my email or pay you for email services.


A yearly registration fee for each email server


will never be paid.


Methods like 'SPF" and RMX are a great idea, but do not PROVE that
the mail server is the registered mail server, only that it is a
mail server that is communicating on port 25 of the public IP
address for which the mail server operates. This leaves a private
network utilising network address translation (NAT) wide open for
Trojans, SPAMbots and viruses that could easily lookup the external
IP address, perform a reverse lookup and masquerade the original
mail server. This is not good.


Anybody who puts their outgoing mailswerver behind the same NAT
address as a bunch of luser boxes is an idiot.

Get the idea?

I don't want a central authority, and won't cooperate with one if
forced to.  (I will, of course, cooperate with various private
authorities to whatever extent I feel like at the time.)

Seth

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg





_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] MTA Trust Management / Authentication, Zombie Prevention and Virus & SPAM Prevention, Seth Breidbart
Next by Date:  Re: [Asrg] MTA Trust Management / Authentication, Zombie Prevention and Virus & SPAM Prevention, Matt Sergeant
Previous by Thread:  Re: [Asrg] MTA Trust Management / Authentication, Zombie Prevention and Virus & SPAM Prevention, Seth Breidbart
Next by Thread:  Re: [Asrg] MTA Trust Management / Authentication, Zombie Prevention and Virus & SPAM Prevention, Matt Sergeant
Indexes:  [Date] [Thread] [Top] [All Lists]