ietf-mxcomp
[Top] [All Lists]

RE: when spoofing isn't

2004-03-19 14:41:53


But here, you assume that the RFC2822 identities would be the logical
next target.  I'd think that the spammers would be more 
likely to take a
less subtle approach and try to subvert the authorization 
mechanism.  In
the case of several approaches, this would mean DNS 
poisoning, denial of
service attacks against nameservers, and other such trickery.

I think that the attacks you propose are brittle, entirely infeasible
on a bulk basis even if the attackers had the ability. 

Forging RFC822 is trivial.


How aout we compromise here?

Put all the parts of the draft I suggest be non-normative off
in a separate document. Focus on defining the normative text 
and getting that approved.

The non-normative text is delivered when nits are ironed out.
It would be informational so updates are much easier.


<Prev in Thread] Current Thread [Next in Thread>