On Sun, Nov 30, 2008 at 03:18:14PM +0100, Alessandro Vesely wrote:
I thought when you talked about <<doing anything technical about spam
*that requires treating those systems as trustworthy*>> you meant end
user machines, not servers.
I do mean that. The point I'm trying to make (and may not be making
very well) is that there's no way for an external entity, like a server,
to programatically tell the difference between (a) a real/non-spam
message sent by the former owner of a zombie and (b) a spam message sent
by the new owner of the zombie. Either the former or new owner could
cryptographically sign it, and those signatures are indistinguishable.
And once a message is handed off to any mail server which will accept
mail from that zombie (which probably means any topologically local as
well as any for which the former owner possessed credentials) there's
nothing different about a spam vs. non-spam message.
Sure, a skilled/experienced human could inspect such a message and
in at least some cases, make a reasonably reliable estimate, but
that's not much help.
---Rsk
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg