ietf-mailsig
[Top] [All Lists]

Re: Replay attacks and ISP business models

2005-08-07 17:34:56

In <42F66351(_dot_)6040303(_at_)mtcc(_dot_)com> Michael Thomas 
<mike(_at_)mtcc(_dot_)com> writes:


I agree. I think that the thing that really ought to
be proven here is whether "replay" is a real threat or
not. At this point, it is purely academic and I think we
have a pretty spotty track record of determining what the
miscreants next steps will actually be.

I don't think the replay attack is purely academic.  There is an
extremely long history of spammers doing all sorts of things to ride
on the reputation of others.  That includes signing up for free email
accounts on the hopes that people won't reject email from
$large_emailer, trying to get on things like bondedsender/iadb,
sending email $big_isp's MTAs, and, of course forging email
addresses.

Are you seriously suggesting not worrying about the replay attack
until it is widespread?


                                        For one, it's not
clear that if domains -- in an effort to maintain their
reputation -- start spam-filtering their outbound mail,
you'd reduce the effectiveness of the so-called replay
attack by about 2 orders of magnitude. It seems to me that
it's pretty likely that they'll find something else to do
if that scenario plays out.


I don't see how filtering their outbound will help much in preventing
the reply attack.  At the time the original email is sent, it is
neither bulk nor unsolicited.  It is only once it is recent to
millions that it becomes bulk and unsolicited.  While I'm not one of
those people who think that content is 100% irrelevant and and should
never be checked as part of spam filtering, I do think that trying to
detect spam based solely on the content is a bad idea and won't work.


-wayne

<Prev in Thread] Current Thread [Next in Thread>