ietf-asrg

[Asrg] Re: "worm spam" and SPF

2004-11-28 12:04:10
gep2(_at_)terabites(_dot_)com wrote:

I've been arguing PRECISELY this point for several years,
and Wong (et al) still forge blindly ahead with SPF

That would be at most two years if you'd count RMX as the
concept, and SPF as its realization.

I could go back and find my archived posts on the issue, but ultimately it 
matters little.  In Internet terms, anyhow, it's been quite a while.

SPF and other such schemes SIMPLY DO NOT WORK because they
DO NOT SOLVE THE PROBLEM.  They only force worms to use
"real" return addresses and "approved" servers, but that
accomplishes very, very little.

That's a contradiction.  First you say SPF doesn't solve "THE
PROBLEM", and then you say that SPF exactly does what it's
supposed to do.  Apparently your definition of "THE PROBLEM"
has nothing to do with SPF.  

Or, alternatively, the problem SPF "solves" is NOT the spam problem, nor is it
the worm problem.  It doesn't even mean that E-mail comes legitimately from a
trusted person with an authenticated return address.  It (arguably) ensures
that the machine that sent the mail can be identified as such;  but as long as
authenticated machines can be infected and recruited to send "authenticated"
worm/spam messages, SPF and similar schemes do very little to prevent such
things... you're still running along after a constantly moving target, trying
to lock the barn door (and there are MILLIONS of them, and new ones being
created all the time) after the horse has escaped.  And then you have the
issue, too, of undoing the DAMAGE that SPF has done, not only to "recommission"
the victim's E-mail integrity, but also fixing the many legitimate systems that
SPF breaks.

And your "solution" is to get rid of MIME multipart resp. text/html, and
mails bigger than 12 KB.

No, not at all.  

The point of the permissions list is that small(ish) plain text messages 
(without attachments) are QUITE SUFFICIENT for UNEXPECTED initial contact 
messages from UNFAMILIAR senders.

Once the contact has been made, and the recipient trusts the sender, *if* there
is going to be an extended correspondence, then the recipient can enable ONLY
JUST the type of bulkier/riskier content that they agree that the sender wants
and needs to send, and which the recipient trusts the sender not to abuse.
It's really a matter of not just WHO the sender is, to THIS recipient, but what
mail from them is "expected" to look like.  Mail coming "from" that sender but
which doesn't look as it normally does (e.g. suddenly it's got Java, or .CPL or
.SCR attachments, or decryption, or obscured URLs, or ActiveX or whatever) is
BY DEFINITION suspect BECAUSE it doesn't look like what the recipient expects
to receive from that sender.  It doesn't fit the pattern.  (Other mail from the
same sender probably DOES look "right" and thus will continue to sail right
through, as it should).

Your recipe won't help me against hundreds of bounces... 

"bounces" containing viruses or worms (for example) WOULD be identified and 
blocked if they didn't fit the default criteria from that (probably unknown) 
sender.

..and other crap like challenges caused by forged addresses unfortunately.

It would block what it blocks, and that's set (and changed when necessary) by
the recipient.  It would virtually eliminate E-mail as a vector for the
transmission of worms and viruses.  It would make major inroads against
phishing attacks in E-mail by making it harder to spoof URLs.  With widespread
adoption, it would reduce the sheer byte volume of unsolicited spam by forcing
spammers to mail it as plain text of limited size, as HTML-burdened spam is
generally 3-5x bigger than a plain text equivalent.  It doesn't break vanity
domains, doesn't break "atypical" send paths (e.g. the cruise ship Internet
cafe or the hotel business center or the Internet cafe) and doesn't break
mailing lists or other forwarding.

Better yet, it is implementable on an individual system basis, provides 
IMMEDIATE benefits to those using it, requires no worldwide consensus or 
sweeping changes.  Win-win.

Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support free and fair US elections!  http://stickers.defend-democracy.org
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
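
The per-sender permissions list described in the message above, sketched as an added example (not part of the original post, nor code from its author). The policy fields, addresses and sample messages are constructed, and using the 12 KB figure quoted in the thread as the default size limit is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr

# Default for unfamiliar senders: small plain text, no attachments.
# 12 KB is the figure quoted in the thread; using it as the default is an assumption.
DEFAULT = {"max_bytes": 12 * 1024, "types": {"text/plain"}, "attachments": False}

# Hypothetical per-sender grants the recipient made after contact was established.
PERMISSIONS = {
    "alice@example.org": {"max_bytes": 2_000_000, "attachments": True,
                          "types": {"text/plain", "text/html", "application/pdf"}},
}

def check(raw, permissions=PERMISSIONS):
    """Return (accepted, reasons) for a raw message, judged by its From address."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    policy = permissions.get(sender, DEFAULT)
    reasons = []
    if len(raw.encode("utf-8")) > policy["max_bytes"]:
        reasons.append("size")
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers are judged by their leaf parts
        ctype = part.get_content_type()
        if ctype not in policy["types"]:
            reasons.append("type:" + ctype)
        if part.get_filename() and not policy["attachments"]:
            reasons.append("attachment:" + part.get_filename())
    return (not reasons, reasons)

def multipart_sample(sender, ctype, filename):
    # Constructed sample: a plain-text body plus one attachment.
    return (f"From: {sender}\nSubject: test\nMIME-Version: 1.0\n"
            'Content-Type: multipart/mixed; boundary="b"\n\n'
            "--b\nContent-Type: text/plain\n\nsee attached\n"
            f"--b\nContent-Type: {ctype}\n"
            f'Content-Disposition: attachment; filename="{filename}"\n\nAAAA\n--b--\n')

# Constructed sample messages.
PLAIN_UNKNOWN = "From: bob@example.net\nSubject: hello\n\nShort plain-text note.\n"
HTML_UNKNOWN = "From: bob@example.net\nContent-Type: text/html\n\n<b>offer</b>\n"
PDF_KNOWN = multipart_sample("Alice <alice@example.org>", "application/pdf", "report.pdf")
SCR_KNOWN = multipart_sample("Alice <alice@example.org>", "application/octet-stream", "photo.scr")

if __name__ == "__main__":
    for name in ("PLAIN_UNKNOWN", "HTML_UNKNOWN", "PDF_KNOWN", "SCR_KNOWN"):
        print(name, check(globals()[name]))
```

The last sample is mail "from" a trusted sender that does not fit what the recipient enabled for that sender, so it is held even though the address is known.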

