ietf-asrg

Re: [Asrg] The state of the email system

2008-11-18 08:04:38
On Mon, Nov 17, 2008 at 08:55:40AM -0800, David Wall wrote:
> Since DKIM is intended to identify the sender, to ensure sent email is
> legit and hasn't been forged, then it would reduce spam if all senders
> did this because reputation matters.  For one thing, sending spam is
> illegal in many areas, so having proof a spam is yours would not be good
> from a legal defense perspective.  Second, blacklisting with provably
> bad senders would be more useful than some of the "random proof"
> blacklisting that goes on today.

<shrug> I don't see how.  We already have any number of well-known
senders out there who are equally well-known for sending spam over
long periods of time.  Yet many of them aren't blacklisted, or in
some cases, they are, but enough people have either not used the
blacklist or have used local whitelisting that the blacklist entry
is ineffective.

> Yes, if you are infected by a spambot, you will send signed spam.  But
> if I can prove your system is sending spam, it may be easier and quicker
> to get resolution to clean that system.

I'd like to buy into that, but I don't.  I don't think *any* mechanism
is going to motivate the former owners of a few hundred million zombies
to reclaim them and keep them that way.  (Not that I object -- I'm all
for it.  But it hasn't happened yet, despite the presence of compelling
evidence, and I don't think piling the evidence higher will change that.)

> Of course, like all such solutions, the real key is to get receiving
> systems to start demanding such security be in place to accept email.

Agreed.  That's definitely the key; but the history of receiving systems
to date is that their keepers have displayed considerable reluctance to
cut off all but the most egregious offenders.  Until that attitude is
changed, it won't matter what technology we invent, because all it will
do is tell us again what we already know.

(This reluctance extends to more than mail by the way: look at what
it took to get Atrivo/Intercage disconnected -- and just as importantly,
look at how long it took: many years.)

---Rsk
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg
