ietf-asrg

Re: [Asrg] DKIM role?

2008-11-22 08:43:46
On Thu, Nov 20, 2008 at 02:33:51PM +0000, Ian Eiloart wrote:
> The only thing that matters is that you can reach the system
> administrator for the domain that sent the email.  Then you can assign
> reputation to the domain, and even to the email address used.

But you can do that today -- well, by IP address, at least, which is
(as we've seen from the use of DNSBLs) nearly always good enough to
make accept/deny decisions WRT email.

And *please* let's not try to assign reputations to individual email
addresses, as the scalability problems involved in N users with M email
addresses trying to track reputations of N users with M addresses,
given that N is on the order of 10e9, are awful.

> happens from there on is down to local policy - it'll depend on whether
> the domain belongs to an ISP, a university, an individual, or whatever.
> But, you'll be able to hold the domain admin responsible for the email.

I see what you're saying but we can do this *today* by IP address (and
thus by extension) by network.  In fact: we ARE doing it, and have been
for a long time.  It works quite well, without the need to invent and
deploy any new technology.

Given that it's trivially easy to change domains (spammers go through
them by the thousands, and ICANN seems quite intent on making this even
easier and cheaper for them) but much more difficult to forge IP addresses
and change networks, it seems much better for anti-spam purposes to
focus on addresses and networks, and not on domains.

But there's a more fundamental problem at work here.

We have to take into account the presence of a few hundred million
0wned systems -- whose new owners have the ability to immediately take
possession of any authentication credentials used on them, should
it please them to do so.

So although we frequently refer to spam as "the problem", it's not
the problem -- it's merely a symptom of the problem.  The problem is
a serious and fundamental lack of security on a very large number of
network endpoints.  That problem remains unaddressed except in token
fashion, which is why it continues to get worse with no sign
of any turnaround in the foreseeable future.  (And multiple signs that
it could get much worse, i.e., the inclusion of DRM in popular OS
releases, meaning they're pre-compromised at the factory, so to speak.)

Sure, we could argue "go ahead and do it anyway", but I think that's
not a good idea.  The enemy reads these lists and the RFCs and the code, too,
and has long since demonstrated the capacity to wait until something's
deployed, then begin to exploit it.  This is, by the way, one of my
deep concerns with anti-forgery technologies: it's my opinion that
widespread deployment of one will be followed shortly thereafter with
widespread exploitation: see "few hundred million 0wned systems" above,
and note the absence of any reason to think that corporate or ISP or
government or university or any other networks are free of these.
I'm worried that if we begin deploying technology that trains users to
believe that email is REALLY from who/where it claims to be from, that
they will eventually accept that training...at which point forgeries
become much more dangerous than they are now, when we're training users
never to believe that anything is from who/where it claims to be.

---Rsk
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg
