> The worm attack on authentication schemes is a particularly bad one. I have
> recently joined the list, so I apologize if this has been discussed previously.
> But consider the following scenario: A new worm comes out that uses infected
> machines' designated servers to send out mail. Say these mail servers have an
> SPF or DK record and further they enjoy good reputations on the various
> reputation services (since they mostly send out good mail). The recipient
> machines do an SPF/DK check, it passes, they look up the reputation, which
> checks out too, and deliver the mail bypassing all content-based filtration
> sub-systems. The recipient systems get infected. The smarter users start
> reporting the worm to reputation services, who in turn punish the senders.
> After a while the senders' reputation drops so much that they are unable to
> send out legit mail.

Bingo.
I've been arguing PRECISELY this point for several years, and Wong (et al)
still forge blindly ahead with SPF and other such equally braindead
authentication/DNS-based schemes.

> This is a bit of an extreme scenario, but a plausible one. Once it happens,
> spammers will adopt it and change the payload (worm + spam).

Right, and they can do that literally overnight. SPF and other such schemes
SIMPLY DO NOT WORK because they DO NOT SOLVE THE PROBLEM. They only force
worms to use "real" return addresses and "approved" servers, but that
accomplishes very, very little.
Meanwhile, the fine-grained permissions-list solutions which WOULD prove
effective and constitute a MAJOR clampdown on viruses/worms/spam get largely
ignored.
Go figure.
Gordon Peterson http://personal.terabites.com/
1977-2002 Twenty-fifth anniversary year of Local Area Networking!
Support free and fair US elections! http://stickers.defend-democracy.org
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
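
The delivery path in the quoted scenario, as an added example that is not part of the original thread: a pipeline where an SPF/DK pass plus good reputation skips content filtering, next to one where content is always scanned and trust only affects what happens afterwards. The policy names, reputation scale, threshold, extension list and sample messages are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    label: str
    auth_pass: bool          # SPF/DK check on the sending server
    reputation: float        # 0.0 (bad) to 1.0 (good); scale is an assumption
    attachments: tuple = ()

RISKY_EXT = (".exe", ".scr", ".pif", ".vbs")   # assumed content rule
GOOD_REPUTATION = 0.8                            # assumed threshold

def content_flagged(msg):
    """Stand-in for the content-based filtering subsystem."""
    return any(name.lower().endswith(RISKY_EXT) for name in msg.attachments)

def trusted(msg):
    return msg.auth_pass and msg.reputation >= GOOD_REPUTATION

def bypass_policy(msg):
    """The scenario's pipeline: trusted senders skip content filtering."""
    if trusted(msg):
        return "deliver"
    return "quarantine" if content_flagged(msg) else "deliver"

def scan_always_policy(msg):
    """Content is scanned first; trust never overrides a content hit."""
    if content_flagged(msg):
        return "quarantine"
    return "deliver" if trusted(msg) else "review"

# Constructed sample traffic: the worm relays through the infected machine's
# designated server, so it inherits that server's auth result and reputation.
SAMPLES = (
    Message("legit mail via designated server", True, 0.95),
    Message("worm via same designated server", True, 0.95, ("photos.scr",)),
    Message("worm sent directly, forged sender", False, 0.10, ("photos.scr",)),
)

def compare(samples=SAMPLES):
    return [(m.label, bypass_policy(m), scan_always_policy(m)) for m in samples]

if __name__ == "__main__":
    for label, weak, strict in compare():
        print(f"{label:36} bypass={weak:10} scan_always={strict}")
```

Only the second sample differs between the two policies: it is the case where authentication and reputation both check out and the payload is still hostile.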