At 05:48 PM 5/28/2005 -0400, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
On Sat, 28 May 2005 13:05:20 PDT, David MacQuigg said:
> I would establish three levels of compliance for servers wanting to be
> listed as Public Mail Servers:
>
> 1) Servers that will declare their ID, and provide a DNS record to
> authorize the use of that ID.
>
> 2) Servers that will capture the IP address and any ID declared by the
> previous sender, and prepend that information in a standard authentication
> header.
>
> 3) Servers that will perform an authentication check on the declared ID,
> using any widely-accepted method, and prepend the result of that check.
4) Servers that will prepend text that appears that they have performed one
or more of the previous tests, with a claimed result.

You forgot the authentication part. Let's be very specific with this
example and avoid a long digression.

Spammer --> Forwarder1 --> Forwarder2 --> Receiver

A Trusted Forwarder will authenticate the ID presented by the Spammer. The
Receiver will look at that ID, and rate it just as if the Spammer had
connected directly to the Receiver. If one of the Trusted Forwarders
messes up an authentication, then that forwarder loses reputation.

The game could get a little more complicated if Forwarder1 is the spammer's
friend, but not much. About the fifth time a rating service has to deal
with a he-said-she-said situation involving Forwarder1, it will be pretty
clear who is faking authentication headers.
--
Dave
************************************************************
* David MacQuigg, PhD email: david_macquigg at yahoo.com
* IC Design Engineer phone: USA 520-721-4583
* Analog Design Methodologies
* 9320 East Mikelyn Lane
* VRS Consulting, P.C. Tucson, Arizona 85710
************************************************************
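The receiver-side logic discussed in this thread, as an added example that is not part of the original messages: a prepended header is relied on only when the hop that wrote it is one the receiver has already authenticated and lists as a Trusted Forwarder. The `X-Hop-Auth` header name, its field layout, the hostnames and the trust list are all hypothetical, constructed for illustration.

```python
# Hypothetical header format (constructed for this example, not a standard):
#   X-Hop-Auth: by=<server that wrote it>; id=<ID declared by previous sender>;
#               ip=<previous sender's IP>; result=pass|fail

# Receiver's local policy: forwarders whose prepended headers it will rely on.
TRUSTED_FORWARDERS = {"forwarder1.example", "forwarder2.example"}

def parse_hop(line):
    """Parse one X-Hop-Auth header into a dict; None for any other header."""
    name, _, value = line.partition(":")
    if name.strip().lower() != "x-hop-auth":
        return None
    return dict(f.strip().split("=", 1) for f in value.split(";") if "=" in f)

def id_to_rate(peer_id, headers, trusted=TRUSTED_FORWARDERS):
    """Return (id, vouchers): the ID the receiver should rate, and the trusted
    forwarders whose headers were relied on to reach it.

    peer_id is the ID the receiver itself authenticated on the connection.
    headers are in message order, most recently prepended first.
    """
    current, vouchers = peer_id, []
    for line in headers:
        hop = parse_hop(line)
        if hop is None:
            continue
        # A header counts only if the hop we have already accepted wrote it.
        # Anything below an untrusted hop is just text that hop could have added.
        if current not in trusted or hop.get("by") != current:
            break
        # Assumption of this example: on a failed or malformed check, stop and
        # rate the forwarder that relayed the message.
        if hop.get("result") != "pass" or "id" not in hop:
            break
        vouchers.append(current)
        current = hop["id"]
    return current, vouchers

# Constructed sample: Spammer --> Forwarder1 --> Forwarder2 --> Receiver
CHAIN = [
    "X-Hop-Auth: by=forwarder2.example; id=forwarder1.example; ip=192.0.2.10; result=pass",
    "X-Hop-Auth: by=forwarder1.example; id=spammer.example; ip=198.51.100.7; result=pass",
]

if __name__ == "__main__":
    print(id_to_rate("forwarder2.example", CHAIN))                          # both trusted
    print(id_to_rate("forwarder2.example", CHAIN, {"forwarder2.example"}))  # Forwarder1 untrusted
    print(id_to_rate("spammer.example", CHAIN))                             # headers pasted in by sender
```

The returned voucher list records which forwarders stood behind the rated ID, so a rating service can charge a bad authentication to the forwarder that made it.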