Re: Chain of Trusted Forwarders

On Sat, 28 May 2005 16:45:40 PDT, David MacQuigg said:

> Spammer -->  Forwarder1 --> Forwarder2 -->  Receiver
>
> A Trusted Forwarder will authenticate the ID presented by the Spammer.  The 
> Receiver will look at that ID, and rate it just as if the Spammer had 
> connected directly to the Receiver.  If one of the Trusted Forwarders 
> messes up an authentication, then that forwarder loses reputation.
Exactly.  So every time Forwarder*2* accepts a bogus one, *it* loses...

> The game could get a little more complicated if Forwarder1 is the spammer's
The whole point is that Forwarder1 can be *assumed* to be the spammer's...

> friend, but not much.  About the fifth time a rating service has to deal 
> with a he-said-she-said situation involving Forwarder1, it will be pretty 
> clear who is faking authentication headers.
And after a long run of Forwarder1A..Forwarder1Q.., Forwarder2 is starting to
look pretty shaky in the reputation market as well.  Remember that we're talking
here about a class of opponents that have *literally* hundreds of thousands of
drones to enlist, and throwing tens of millions of bogus authentications.
"About the 5th time" gets you through the first 35 seconds of a concerted attack
against the reputation mechanism, if *that* long.

And don't bother suggesting "slow-start" mechanisms for setting up reputations -
the spammers are *already* sometimes lining up domains and zombies well in 
advance
of the run they are to be used for.  There's no reason to believe they *won't*
engage in a ramp-up of bouncing totally pointless mail back and forth just to
drive up their reputation score before they make their spam run...

pgpB68PDmRosr.pgp
Description: PGP signature