ietf-mxcomp
[Top] [All Lists]

Re: Forging (was Re: Differences between CSV and Sender-ID )

2004-07-08 12:05:15

Dave Crocker <dcrocker(_at_)brandenburg(_dot_)com> wrote:
 Spammers have proved to be astonishingly and quickly adaptable
AD>   In some situations.  In others, they are astonishingly idiotic.
AD> Once again, the behavior is situational.

the folks who command estimated millions of compromised machines, with
a 3- or 4-tier control hierarchy, do not count as idiotic.

  I have two responses:

  a) please re-read what I wrote.  I said SOME are idiotic, not ALL.
     It's rude to cherry-pick a complicated scenario, and make it
     sound like I said those people were dumb.  I didn't.

  b) Don't mistake "script kiddies" for people with a clue, or for
     spammers.  Computers have things called "scripts" or "programs"
     which idiots can run to perform complicated tasks.  And idiots
     can buy CPU time on "owned" machines from smart people, and use
     that time to send spam.

i've explained the reason quite a few times. just so it is not missed
again:

  Shall I re-post my standard response?  I don't feel we're
communicating here.  I try to explain my position in response to your
posts, and your replies simply re-state your position.

  Did you think I didn't read your comments?  Or maybe I didn't
understand them?  I thought my responses explained not only that I
understood them, but that I disagreed.  I even gave reasons why.

AD>   To address your analogy,

If you mean bandages, it's not mine.  you introduced it, as i recall.
I was simply trying to pursue it.

  Uh, no.  You called spam a "disease", which is either an analogy, or
perjorative term.  My later sentences followed the disease analogy,
and didn't discuss bandages.  Perhaps you were confused that both
analogies had medical roots.

Please show me a successful, global standard that has been designed
to respond to one set of symptoms, when the source of those symptoms
is constantly adapting, guaranteeing that the symptoms will become
irrelevant as soon as the response begins to take effect.

  I could swear I had addressed that comment in my previous message.

AD>  That's the basic concept behind MARID.  Having domains
AD> maintain BL's about others is expensive and pointless.

pointless?  so spamhaus and all those other lists are pointless?

  I am continually amazed at how what appears to me to be simple
english is construed to mean the most idiotic things.

  What I was originally discussing was ideas from this WG: domains
hosting policy information about themselves in DNS.  RMX, SPF, CSV,
and Sender-ID all fall into this category.  My comments that MARID
could be construed as domains maintaining black/whitelists were
intended to be taken in the context of this WG: domains maintain
policy information about themselves, and that information may be used
by others as input to blacklists/whitelists.  You seemed to interpret
that statement as saying that every domain would have to maintain
information about every other domain.  And when I said that was
pointless, you suddenly switched to thinking that I was claiming
DNSBL's were pointless.

  Can you explain to me how I can write simple english sentences on
this list, so you don't interpret them as being blindingly idiotic
statements?

  I'm appalled at how badly we're communicating.

  For the record, I believe I understand your opinion very well.  You
think temporary measures aren't permanent solutions.  I agree.  You
think that these temporary measures require some kind of global
coordination before they will work.  I don't see why.  You think that
we should be looking for cures, rather than temporary measures.  I
agree.

  Where I disagree with you is in the utility of the temporary
measures.  You seem to think they have no longer-term utility, and
I've tried to demonstrate why I think you're wrong.  Rather than
address my concerns, you just repeat your position.  I don't see why
this approach would be considered communication.

  Alan DeKok.


<Prev in Thread] Current Thread [Next in Thread>