Gordon said
I wish domain vendors were better about this sort of thing
but we're going to see spammer-friendly registrars no matter
what this group comes up with.
Excuse the thread drift, but (if in the US) wouldn't they be accessories
to a crime under CANSPAM?
----------------------------
G. Waleed Kavalec
Baca, Stein, White and Associates
281-342-2646
-----Original Message-----
From: Gordon Fecyk [mailto:gordonf(_at_)pan-am(_dot_)ca]
Sent: Wednesday, June 09, 2004 5:33 PM
To: IETF MARID WG
Subject: RE: Reality check please
And a point which is deliberately ignored is the problem of 0.10 USD
throwaway domains and short-TTL bot networks. Yeah, I know, this will
be solved anytime later with accreditation services.
I agreed with you on every point you brought up until you got to here.
And then I agreed with you on every point.
This is a sore one for any domain-based verification system. Throw-away
domains, forged sub-domains and such are going to happen as soon as this
takes off. I wish domain vendors were better about this sort of thing
but we're going to see spammer-friendly registrars no matter what this
group comes up with.
What will happen though, is there'll be a chain of accountability. Or a
web of accountability, if you wish, to compare with a web of trust. You
will be able to hold someone responsible for the forged e-mail, wether
it's a clueless administration that whitelists the entire net for their
domain, a clueless administration with a 0wnzd server, a clueless
registry, a deliberately malicious registry, a spam enterprise, or
whatever.
It's still going to be up to recipients to decide to hold senders
accountable.
Hm, perhaps that belongs in the Security Considerations section of
marid-core. That this technology only effectively points fingers, and
it's still up to recipients to act on who's being fingered, er, pointed
at.
--
PGP key (0x0AFA039E):
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
Sometimes it's hard to tell where the game ends and where reality bites,
er, begins. <http://vmyths.com/resource.cfm?id=50&page=1>