RE: Reality check please


Gordon said

I wish domain vendors were better about this sort of thing 
but we're going to see spammer-friendly registrars no matter 
what this group comes up with.


Excuse the thread drift, but (if in the US) wouldn't they be accessories
to a crime under CANSPAM?


   ----------------------------
   G. Waleed Kavalec
   Baca, Stein, White and Associates
   281-342-2646
 


-----Original Message-----
From: Gordon Fecyk [mailto:gordonf(_at_)pan-am(_dot_)ca] 
Sent: Wednesday, June 09, 2004 5:33 PM
To: IETF MARID WG
Subject: RE: Reality check please

And a point which is deliberately ignored is the problem of 0.10 USD 
throwaway domains and short-TTL bot networks. Yeah, I know, this will 
be solved anytime later with accreditation services.


I agreed with you on every point you brought up until you got to here.

And then I agreed with you on every point.

This is a sore one for any domain-based verification system.  Throw-away
domains, forged sub-domains and such are going to happen as soon as this
takes off.  I wish domain vendors were better about this sort of thing
but we're going to see spammer-friendly registrars no matter what this
group comes up with.

What will happen though, is there'll be a chain of accountability.  Or a
web of accountability, if you wish, to compare with a web of trust.  You
will be able to hold someone responsible for the forged e-mail, wether
it's a clueless administration that whitelists the entire net for their
domain, a clueless administration with a 0wnzd server, a clueless
registry, a deliberately malicious registry, a spam enterprise, or
whatever.

It's still going to be up to recipients to decide to hold senders
accountable.

Hm, perhaps that belongs in the Security Considerations section of
marid-core.  That this technology only effectively points fingers, and
it's still up to recipients to act on who's being fingered, er, pointed
at.

-- 
PGP key (0x0AFA039E): 
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
Sometimes it's hard to tell where the game ends and where reality bites,
er, begins. <http://vmyths.com/resource.cfm?id=50&page=1>

<Prev in Thread]	Current Thread	[Next in Thread>
Re: MTAmark (was: Reality check please), (continued) Re: MTAmark (was: Reality check please), Markus Stumpf Re: MTAmark (was: Reality check please), Hector Santos Re: MTAmark (was: Reality check please), Jon Kyme Re: MTAmark (was: Reality check please), Markus Stumpf Re: MTAmark (was: Reality check please), Peter Koch Message not available Re: Reality check please, Matthew Elvey Re: Reality check please, Douglas Otis Re: Reality check please, Matthew Elvey Message not available Message not available Re: Reality check please (You set me up! Thanks!), Matthew Elvey RE: Reality check please, Gordon Fecyk RE: Reality check please, G. Waleed Kavalec <= Re: Reality check please, wayne Re: Reality check please, Hector Santos