Re: MyDoom, Sorbig - Actions taken?
2004-02-05 08:56:16
I'd like to draw a parallel between "outgoing messages" and "outgoing IP
packets".
Here, I'm using the term "outgoing" in a very broad sense.
To reduce the amount of IP packet spoofing, router software manufacturers and
network admins have been encouraged to check "outgoing" packets and filter out
packets containing "spoofed" addresses. This can be easily done in routers and
could/should/has (?) reduced or eliminated spoofed packets traversing the
Internet.
Wouldn't it be nice if the same sort of thing could be done with email
messages?
Imagine all the viruses that would be blocked because they could only send mail
on
behalf of the "originating location's mail domain".
Of course, it can't really be done due to the current design of SMTP. Yes,
there are
some proposals that allow recipients to try to verify the allowability of an IP
address
to send mail on behalf "claimed sender addresses", but I consider these to be
band-
aid solutions.
And most importantly, controlling "outgoing" messages has nothing to do with
the
payload of those messages. So, MIME issues, for example, aren't in the picture
because the transport mechanism is transparent.
I think this is a good discussion to have. That is, can the email system be
changed to
reduce propagation of these types of viruses? I didn't see the initial posting
in this
thread, so I cannot comment on any early proposals that may have made.
I do think that "propagation control" is more likely to be successful if its
payload
transparent. I also think that given the current design of SMTP, no easy,
complete
and reliable solution for SMTP will be forthcoming.
So, perhaps mail-ng is the place to discuss sweeping reforms to messaging as we
know it, and this forum is a place to discuss shorter term solutions that are
reliable,
effective and possible.
I must say I'm rather disappointed with the tone of this thread, the innuendo
and
chest thumping on all sides. I think list subscribers are here because they
have
made contributions to "the technology of messaging" in the past, currently are
doing
so, or will do so in the future.
So comments like "you're clueless go away" and "I'm great look at all the stuff
I
wrote" seem out of character.
Thanks for reading this far.
--
Brad Clements, bkc(_at_)murkworks(_dot_)com (315)268-1000
http://www.murkworks.com (315)268-9812 Fax
http://www.wecanstopspam.org/ AOL-IM: BKClements
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: MyDoom, Sorbig - Actions taken?, (continued)
- Re: MyDoom, Sorbig - Actions taken?, Valdis . Kletnieks
- Re: MyDoom, Sorbig - Actions taken?, Hector Santos
- Re: MyDoom, Sorbig - Actions taken?, Keith Moore
- Re: MyDoom, Sorbig - Actions taken?, Hector Santos
- Re: MyDoom, Sorbig - Actions taken?, Valdis . Kletnieks
- Re: MyDoom, Sorbig - Actions taken?, Hector Santos
- Re: MyDoom, Sorbig - Actions taken?, Valdis . Kletnieks
- Re: MyDoom, Sorbig - Actions taken?, Keith Moore
- Re: MyDoom, Sorbig - Actions taken?,
Brad Clements <=
- RE: MyDoom, Sorbig - Actions taken?, Dan Wing
- Re: MyDoom, Sorbig - Actions taken?, Keith Moore
- Using SUBMIT without bothering the user (was Re: MyDoom, Sorbig - Actions taken?), Arnt Gulbrandsen
- Re: Using SUBMIT without bothering the user (was Re: MyDoom, Sorbig - Actions taken?), Keith Moore
- Re: Using SUBMIT without bothering the user (was Re: MyDoom, Sorbig - Actions taken?), Arnt Gulbrandsen
- Re: Using SUBMIT without bothering the user (was Re: MyDoom, Sorbig - Actions taken?), Keith Moore
- Re: Using SUBMIT without bothering the user (was Re: MyDoom, Sorbig - Actions taken?), ned+ietf-smtp
- Re: Using SUBMIT without bothering the user (was Re: MyDoom, Sorbig - Actions taken?), william(_at_)elan(_dot_)net
- Re: Using SUBMIT without bothering the user (was Re: MyDoom, Sorbig - Actions taken?), John C Klensin
- Re: Using SUBMIT without bothering the user (was Re: MyDoom, Sorbig - Actions taken?), Keith Moore
|
|
|