On Sun, 2005-02-06 at 07:32, John R Levine wrote:
While the primary goal of adding an opaque identifier would be to
prevent replay abuse, it would also facilitate an alternative to
blocking an entire site with millions of users, where perhaps the
majority of these users have systems that are compromised.
As I said in my previous message, I actively do NOT want to make it easy
to do that. It's up to the sender to send mail legitimately. It is not
up to the recipient to do the sender's filtering for him, and the easier
we make it, the easier it is for lazy ISPs to say "we don't have to deal
with our zombies because the recipients can do it for us." If you don't
believe that's what some of them already think, ask AOL.
I agree that ISPs need help dealing with their zombies, but it's important
for us to give them tools to help identify and get rid of the zombies, not
to live with them.
Reputation protection remains the primary motivator. Removing problem
accounts by the provider is the desired goal and the identifier makes it
easier for the provider to locate these problems via abuse reports. The
signature/identifier ensurers accuracy in correlating and attributing
abuse.
Reputation protection would be the reason for wanting to include the
identifiers, as a means to prevent a replay attack, which the provider
can not block. By convention, the provider could publish their own
identifier blackhole-listing only to prevent replay attacks, whereas
known compromised systems should be blocked outright by disqualifying
accounts.
The signature protects the provider from possible blocking and
blackhole-listing errors, as users will not believe a compromised system
was the cause of their problem. The percentage of these systems being
compromised is large. Signatures and an opaque identifier added by the
provider would be powerful tool for addressing this situation.
-Doug