ietf-smtp
[Top] [All Lists]

Re: MyDoom, Sorbig - Actions taken?

2004-02-05 09:48:04

On 5 Feb 2004 at 11:37, Keith Moore wrote:

Wouldn't it be nice if the same sort of thing could be done with email
messages?  

no, it wouldn't be nice to be forced to always submit mail from the same
location.

IP addresses are inherently tied to network locations.  email addresses are
not.

That's right. That's why I said this isn't really possible with SMTP. After 
all, being able 
to send from anywhere as anyone is allowed AND used frequently today.

I think I didn't make my point clear. I was suggesting a conceptual vision, 
which 
would rely on a briefly mentioned topic on the mail-ng list as "sender 
authentication/verification".  

If you can verify the sender then it could become possible to control message 
"injection" into the "mail system". And one of those controls could be "is this 
sender 
allowed to send from this 'location'?". I'll handily leave "location" undefined.

This not really possible with SMTP as it stands now anyway. 

Imagine all the viruses that would be blocked because they could only
send mail on behalf of the "originating location's mail domain".

the viruses wouldn't be blocked, they'd just have different From addresses.


True. Perhaps I should have said "now we can track down the person who has a 
machine that's infected". 

At the least, all the "hey you have a virus" automated replies will go to a 
somewhat 
more appropriate location ;-)



-- 
Brad Clements,                bkc(_at_)murkworks(_dot_)com   (315)268-1000
http://www.murkworks.com                          (315)268-9812 Fax
http://www.wecanstopspam.org/                   AOL-IM: BKClements


<Prev in Thread] Current Thread [Next in Thread>