ietf-mxcomp

Re: [Fwd: HELO, IPR, A&R means new draft?; scope; Microsoft - (Re: DEPLOY - IP, HELO & touch count. )]

2004-09-14 23:54:52


I was unsubscribed, but someone cc'ed me, so let me make one final post to this 
mess.  I wasn't going to bother, because co-chairs already made their decision, 
but since someone mentioned AccuSpam in this post, I might as well explain how 
you all misunderstood my point.


Also, Accuspam implicitly asked an interesting question - why specify
what the list of servers may be used for?  Here's an answer: It's
generally much easier to specify a list of servers that will
legitimately use a domain (e.g. elvey.com) in HELO than it is to specify
a list of servers that will use that domain in PRA or 2821.MAIL FROM!
Hence some folks will only want to specify the former. Some folks may
want to specify a smaller set of servers for one versus another.
Accuspam said: "Publishing the approved mail servers is something
everybody can agree to do I think?" but this is more complicated than it
seems at first glance, because the set of approved servers for a given
domain is different depending on what it's approved for.


Apparently no one got my point during the consensus call.

Scopes in MARID are a useless complication.  People in this discussion list are 
using arguments about the FAIL case to argue that scopes are needed.  The 
non-PASS cases will FOR A LONG TIME (as in probably our whole lifetimes) be 
mired in issues about incomplete adoption, and alternative spoofing identities.

The logic:

1) None of the possible MARID scopes can provide hard FAIL without unacceptable 
false positives:

        a) Incomplete adoption of forwarding solution means honoring hard FAIL 
generates false positives.  Even with 80% adoption, you still have 20% risk of 
false positives.

        b) Humans are not perfect and can not always be expected to always send 
from approved mail servers.  Thus false positives.  This scales really poorly 
the more humans are sharing a domain (e.g. ISPs, businesses, etc).

        c) Generally in life anything that requires more than 20% of 
participants to make some change before any benefit (e.g. use of FAIL) can be 
obtained will not gain momentum in marketplace.  FAIL has to provide benefit 
for early adopters in order to snowball.  It is a chicken and egg, and 80% 
chicken or 80% egg won't help.  100% anything is impossible.

2) All of the possible MARID scopes can forge alternate important identities:

        a) PRA can forge From: and MAILFROM: etc.

        b) SPF can forge any header

3) Thus MARID scopes are entirely useless for deleting e-mail.  MARID does not 
detect forgery.  You can try to measure probabilities on non-PASS cases for 
domains to build reputation services, but you will get very noisy data because 
the identities are not well correlated to forgery or spam because of #1 and #2 
above.  Spammers can do many "tricks" (some alluded to above) to make sure that 
anything but a PASS case is too noisy to prevent false positives or false 
negatives.

4) Only the PASS case of MARID scopes is a useful datum.  The PASS case tells 
you that the e-mail is not a forgery (except for intra-domain forgery, e.g. a 
spammer who uses an Earthlink.net account to spam all Earthlink.net users).  
The non-PASS cases tell you an e-mail might be forgery, but with no certain 
probability.  The users of the result (anti-spam) have to build algorithms 
which correctly do not generate false positives (because recipients do not 
accept anti-spam with many false positives).  In fact, AccuSpam already has 
developed a proprietary anti-spam algorithm (we will soon release it) which 
ignores all but the PASS cases of the various MARID identities.

5) Thus declaring scopes is useless.  A unified DNS record can be used to test 
against all identities for the PASS case.

6) Declaring scopes will just result in a war between syntaxes and 
fragmentation and loss of unencumbered adoption.

Anyway, you all do what you want.  It seems the co-chairs are determined to 
push a "pra" scope in a separate DNS record ("rough consensus" is an oxymoron), 
so that eventually we will end up with major corporations only publishing "pra" 
records and eventually Microsoft adding new syntaxes to that record (de facto 
standards via monopoly control) and eventually any hope of a unified record or 
unencumbered identities will die.

Sigh.

(And the above logic has nothing to do with what is in your silly archives of 
endless circular discussion).

Now please do not CC me.  I do not care what you do.

More power to Microsoft!  I have no problem using "pra" records in an 
unencumbered AccuSpam algorithm.  I tried to help encourage a unified record 
because FAIL is not important, only PASS is, but it really doesn't matter that 
much to me.

-Shelby Moore
http://AccuSpam.com
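
The PASS-only use of a single unified record argued for in points 4 and 5 above, sketched as an added example (it is not code from the post or from AccuSpam). The record table, function names and addresses are constructed for illustration; a real check would fetch the record from DNS.

```python
import ipaddress

# Constructed stand-in for DNS: one unified record per domain listing its
# approved sending networks (documentation address ranges, not real data).
UNIFIED_RECORDS = {
    "example.com": ["192.0.2.0/28"],
    "lists.example.net": ["198.51.100.25/32"],
}

def approved(domain, client_ip):
    """True/False if the domain publishes a record, None if it publishes none."""
    nets = UNIFIED_RECORDS.get(domain.lower())
    if nets is None:
        return None
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def domain_of(identity):
    """Domain part of an address, or the whole string for a HELO name."""
    return identity.rsplit("@", 1)[-1].strip("<> ").lower()

def pass_only(client_ip, helo, mail_from, pra):
    """Return the identities confirmed by the same unified record lookup."""
    identities = {"helo": helo, "mail_from": mail_from, "pra": pra}
    passed = {}
    for name, value in identities.items():
        # An empty identity (e.g. a null MAIL FROM on a bounce) is skipped.
        if value and approved(domain_of(value), client_ip) is True:
            passed[name] = domain_of(value)
    return passed

def classify(client_ip, helo, mail_from, pra):
    """PASS if any identity is confirmed; otherwise UNKNOWN, never FAIL.

    A mismatch and a missing record are treated alike: neither is used as
    evidence against the message, so forwarded or roaming mail is not rejected.
    """
    passed = pass_only(client_ip, helo, mail_from, pra)
    return ("PASS", passed) if passed else ("UNKNOWN", {})
```
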

