ietf-mailsig

Re: MASS Security Review document

2005-02-14 16:16:02

On Mon, 2005-02-14 at 15:00 -0500, John R Levine wrote:
> I don't know about you, but I would rather that people respond by
> stopping the outgoing spam run than by running around and trying to
> unsign mail that's likely already been received.

>> John, you seem to be insisting reputations should be based solely upon
>> the weaker IP address, rather than considering use of a signature for
>> this purpose.

> I don't understand why you're bringing up IP addresses.  None of my
> messages have even mentioned them, and I don't see any connection between
> mail signatures and IPs.  If a domain signs a lot of good mail, it'll have
> a good reputation.  If it signs a lot of spam, it'll have a bad
> reputation.  No IPs are needed or even helpful, and as we'll see later,
> revocation doesn't help manage reputations.

A signature's reputation would not be based upon the number of messages
signed.  It would be based upon the number of signed messages received.
There is no assured relationship between the number of messages signed,
and the number of signed messages received.  Again, this assumption of
numbers is true _only_ when reputation is based upon the IP address.

>> - With a signature and a revocation identifier, less effort is needed to
>>   locate a problematic account.

> Senders can and do put tokens in their messages now to identify their
> users.  Revocation IDs don't give them anything new here.

It establishes a convention permitting a practical means to ascertain
account/message status from the signing domain.  This would be new and
would add significant value to the signature by abating spam.

>> - With a signature and a revocation identifier, cessation of abuse can
>>   be comparable to closing an account.

> Not at all.  Revocation says "yes, we signed this mail but now we're sorry
> we did."  Closing an account means that it doesn't send any more mail.
> The two aren't even similar.

Without a means to quickly revoke implied authorization, the
signature-domain could claim to have canceled the account, and suggest
further abuse must be "replay" abuse or from some other account.  Those
monitoring signature-reputations would need to compile lists held for
weeks, without any direct means to confirm corrective action was taken.
Talk about games.

> The more I think about revocation IDs, the more certain I am that they're
> a bad idea since their sole utility is to allow sending domains to play
> games with the mail they send.

Just the opposite!  With a revocation-identifier, the period of time
between seeing abuse and expecting it to stop would not change from a
reputation based upon the IP address or the signature.  Without
revocation, continuation of the same abuse for weeks would need to be
tolerated, games or no.  Nor would the lack of means to revoke
authorization deter those abusing the signature. :(

> If I were a spammer, I'd sign all my spam, blast it out, wait 10
> minutes for most of it to be delivered, then revoke it all. How can a
> recipient tell that from an ISP that only revokes a little bit of its
> mail?

These tactics would not go unnoticed.  When noticing excessive spam,
either temporarily refuse the domain, or check, after a delay, messages
held in a queue.  Either response could defeat this tactic, when a
revocation-identifier mechanism is available.  In the case of bulk
signed mail coming from spam friendly senders, once a revocation record
is published, it would serve to positively identify content as being
spam and thereby mark "replay" sources as spam friendly.

> The spam would all go through, then later analysis would tend to say, oh,
> must have been a bad user.  Recipients have to figure out which senders
> are really ISPs and which are spam factories who only claim to have
> customers.  We've already been through these games, and I see no reason to
> invent technology that helps spammers do another round of it.

There is value basing reputation upon a strong identifier.  Not having a
means to revoke signed mail would invite abuse of the signature, making
signatures worthless as a basis for reputation and abatement.  This
stronger name basis should provide an effective means to thwart spam,
but only when its use can be defended.

-Doug
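As an added illustration (not code from this thread or from either author), here is a small Python model of the receiver-side response Doug describes: when a signing domain's signed mail suddenly looks mostly like spam, hold that batch and re-check the domain's published revocation records after a delay, and score every revocation against the signer's reputation. The class names, the 50% hold threshold and the sample runs are assumptions constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class SignedMessage:
    revocation_id: str   # identifier the signing domain can later publish as revoked
    flagged: bool        # the receiver's own content filter considers this spam


@dataclass
class DomainStats:
    signed_seen: int = 0
    revoked: int = 0


class Receiver:
    """Receiver-side handling of signed mail that carries revocation identifiers."""

    def __init__(self, hold_threshold=0.5):
        self.stats = {}
        self.hold_threshold = hold_threshold  # assumed: hold when half a batch is flagged

    def revocation_ratio(self, domain):
        """Share of a domain's signed mail it later revoked; the reputation signal."""
        s = self.stats[domain]
        return s.revoked / s.signed_seen if s.signed_seen else 0.0

    def process(self, domain, batch, revoked_after_delay):
        """Handle one interval of signed mail from `domain` and return the count delivered.

        `revoked_after_delay` is the set of revocation identifiers the signing
        domain has published by the time held mail is re-checked."""
        s = self.stats.setdefault(domain, DomainStats())
        s.signed_seen += len(batch)
        flagged_share = sum(m.flagged for m in batch) / len(batch)
        if flagged_share >= self.hold_threshold:
            # Excessive spam: hold the batch and re-check revocation after the delay,
            # so a "sign, blast, then revoke" run is dropped before delivery.
            survivors = [m for m in batch if m.revocation_id not in revoked_after_delay]
        else:
            survivors = batch  # ordinary traffic is delivered without delay
        # A published revocation positively identifies signed content as spam,
        # so every revocation counts against the signer whether or not it was held.
        s.revoked += sum(m.revocation_id in revoked_after_delay for m in batch)
        return len(survivors)


def scenario(domain, total, spam, revoke):
    """Constructed sample run: `total` signed messages, `spam` of them flagged by the
    receiver's filter, and the signer revoking the first `revoke` identifiers."""
    batch = [SignedMessage(f"{domain}-{i}", i < spam) for i in range(total)]
    revoked = {f"{domain}-{i}" for i in range(revoke)}
    r = Receiver()
    return r.process(domain, batch, revoked), r.revocation_ratio(domain)
```

A signer that signs 100 messages, 90 of them flagged, and then revokes all 100 gets nothing delivered and a revocation ratio of 1.0, while an ISP that revokes 5 of 100 delivers everything and keeps a ratio of 0.05.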