On Wed, 17 Aug 2005, Tony Finch wrote:
> There's a lot more information available about domain names than about IP
> addresses,
I disagree.
> e.g. via whois, via the domain's NS records, etc. This
> information can be used to bootstrap a reputation in a way that defends
> against the use of throwaway domains by spammers.
For throw-away domains whois data is not reliable (and, just like
with email, there is no protection against using somebody else's address),
and NS servers could simply be default ones provided by the domain registrar,
or often point to a compromised machine (zombie, hacked server, compromised
DNS service, etc.), and with changes introduced by Verisign this year they
can now be quickly (within 15 minutes) changed whenever the compromised
machine is discovered and filtered (which is exactly what happens to
domains used in phish emails I've investigated).
In the end the most reliable way to detect and filter these domains is
actually based on the IP address of the server hosting the website for
the advertised and used domain (for order taking). So I'm not at all
certain that doing reputation on a per-domain basis will be easy (in fact
I think it would be more difficult than on a per-IP basis).
The good thing is that for non-throw-away domains (those that have
been used for a while) the reputation can be accumulated over time and
can be quite useful, but it will take quite some time (years) before
we're able to get to the point where this is possible (i.e. relying
primarily on a positive reputation score).
So, while email signatures are a good thing and, if properly implemented,
can defend against spoofing and increase email security and reliability,
claiming that this will allow us to stop spam (either directly or
indirectly, putting all hope on accreditation/reputation) is incorrect.
I also disagree that there is some kind of big pressure to get this out
ASAP (and so we should disregard normal IETF protocol/extension design
procedures) because this will be the only thing that will help us save
email. That is just wrong, and "antispam marketing pressure" is no excuse
to introduce a system that can do more harm to the network than good or
that can be of use only to a limited audience.
In the end I think the way to save email would require looking at the
entire protocol in a more comprehensive way than what is being done by any
one effort, and putting marketing and corporate interest aside for the greater
good when doing it, but from what I have seen so far that is unlikely to
happen for the SMTP protocol, and it may turn out to be easier to just design a
new messaging system (although it would be harder and take more time if
comparing the actual design work needed to finish it off and introduce it).
---
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
ietf-dkim mailing list
http://dkim.org