
Re: [ietf-smtp] [Shutup] Proposed Charter for something

2015-12-10 11:11:30
On Thu, Dec 10, 2015 at 11:16:40AM -0500, Chris Lewis wrote:
There really are no technical differences whatsoever between a
blackhat and a whitehat trying to protect their identity. The ONLY
saving grace is that (in the spam space) the blackhat is forced to
resort to methods that scale high enough for an adequate ROI, while
the whitehat usually doesn't care that much.

Most spam filtering - again used in the broad sense - only cares about
the identity of the sending organisation (ISP, company, etc.). And
sometimes not even that. If an email body matches some (fuzzy)
signature, it gets blocked, often regardless of who sent it from where.

It's only when said organisation doesn't do a good enough job of
checking the identity (or the hat colour) of the sender, that being able
to find the actual sender matters to everyone else.

Tor, for example, being a case in point.  Tor would be ideal for
spam. And it was for a bit.  Slow, but worked.  I don't know whether
the fact that the Tor network became so slow as to be unusable, or
that the screams from the "spammed" turned the day, but so few Tor
exit nodes support outbound port 25 nowadays that it isn't a big

If they hadn't all blocked that port (it's the default, I believe) then
every DNSBL would add the exit nodes; Tor, by design, doesn't hide the
nodes' IP addresses and it's easy to check if a certain IP address is
or was a Tor exit node at a given time.

Tor in an email context should be used to connect to an ISP's or
corporate mail server. It's up to them to decide whether they have
enough reason to believe you are a whitehat. Many believe they are able
to do so, though they often require a one-time phone verification.

If being able to hide (the geolocation of) your submission IP address is
of vital importance, then this is the way to use email. For most people,
this isn't necessary, but it is my belief that at the very least we
should help organisations that wish to protect personal data for all of
their users to do so in a way that doesn't seriously harm the existing
email infrastructure.
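
Added example, not part of the original message: a receiver-side sketch of the check described above, deciding whether a connecting IP was a Tor exit node around a given time and building the name a DNSBL client would look up for it. The record layout, the sample addresses (documentation ranges) and the zone dnsbl.example are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample in an assumed exit-list layout; not real relay data.
SAMPLE_EXIT_LIST = """\
ExitNode AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Published 2015-12-09 21:53:32
LastStatus 2015-12-10 09:03:15
ExitAddress 192.0.2.10 2015-12-10 09:10:07
ExitNode BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
Published 2015-12-01 03:00:00
LastStatus 2015-12-02 04:00:00
ExitAddress 198.51.100.7 2015-12-02 04:05:00
"""

FMT = "%Y-%m-%d %H:%M:%S"

def parse_exit_list(text):
    """Return {ip: [datetime, ...]}: when each address was observed as an exit."""
    seen = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "ExitAddress":
            ip = ipaddress.ip_address(parts[1])
            stamp = datetime.strptime(parts[2] + " " + parts[3], FMT)
            seen.setdefault(ip, []).append(stamp)
    return seen

def was_exit(seen, ip, when, window=timedelta(hours=24)):
    """True if ip was observed as an exit within `window` of `when`."""
    observed = seen.get(ipaddress.ip_address(ip), [])
    return any(abs(when - t) <= window for t in observed)

def dnsbl_qname(ip, zone):
    """Name a DNSBL client queries for an IPv4 address: reversed octets + zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

if __name__ == "__main__":
    seen = parse_exit_list(SAMPLE_EXIT_LIST)
    when = datetime(2015, 12, 10, 11, 11, 30)  # time taken from a mail log
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, was_exit(seen, ip, when), dnsbl_qname(ip, "dnsbl.example"))
```

The time window matters because exit addresses change: 198.51.100.7 in the sample was an exit on 2 December but is not reported as one for a connection on 10 December.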


