ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: namedroppers, continued

2003-01-07 19:33:50
from [Daniel Pelstring] [Permanent Link] 
Doug,

    This topic comes up quite often.  It has been discussed at length many
times.  Do not take criticism of your ideas too harshly, it is just that
most people here have seen these same solutions proposed by many people over
many years.  It gets a bit old and, patience gets a bit short.  A very quick
summary of the solutions proposed during these discussions is as follows:

A) Anybody can send mail to anybody (what we currently have.)

B) Mail servers check that the sender is authorized to send mail to the
users of its system.

C) Sending mail requires some sort of computationally expensive to compute,
easy to check, data to be sent along with messages (probably based on sender
address, receiver address and message)

    Unfortunately, B requires that there be some way to authenticate users
of other systems.  The only way that has been thought of to do this is to
have some central authority to do this.  While it is certainly possible,
this is thought to be a bad idea for many reasons, the most prominent of
which is the potential for abuse.  Lacking a central authority, this can be
done on mail servers already, with no need to involve the IETF (an example
would be whilelists.).

    Unfortuantely, C would have to be computable in a reasonable amount of
time in order not to be a major headache.  This means that the spammers
large cluster of powerful computers would still be able to send many
messages.  It would also wreak havoc with mailing lists.  It would also
become easier to compute as time goes on, due to the ever progressing nature
of computers.  This does not even take into account that we would be
creating a standard with the sole purpose of inefficiency, which probably
makes most engineers wince and, although that may not seem like such a
horrible idea right now, this standard could survive far into the future,
with implications yet to be known (keep in mind the scale on which these
standards will be implemented.)  If another solution is implemented in the
future, this may come back to bite us.

    At the moment, it seems the IETF consensus (notice the *seem* here, this
is my personal opinion taken from reading the discourse on these lists) is
that the best solution is A.  At some point another solution may hold the
majority favor, but that time is not now.

    Of course, it is possible that there is a solution that has not been
thought of, in which case it is a bad idea to discourage people from
thinking about it.  Know, however, that this list contains many extremely
arrogant (many of them justifiably so) experts in their chosen field, who
dislike their time being wasted.  I encourage you, if you have further
ideas, to do the required research to see if it would work before sending a
message and, be very thorough.  Also know that if you choose to get into a
flame war with people on this list, that some them have likely been doing
this for decades and, are probably much better at it than you are.  It is
likely to do nothing but frustrate you.  If you have another idea and, have
questions about how to check that it is at least feasable, I would be happy
to point you in the right direction.

-Daniel Pelstring


----- Original Message -----
From: "Doug" <Dougxx2(_at_)carolina(_dot_)rr(_dot_)com>
To: <ietf(_at_)ietf(_dot_)org>
Cc: "Lloyd Wood" <l(_dot_)wood(_at_)eim(_dot_)surrey(_dot_)ac(_dot_)uk>
Sent: Tuesday, January 07, 2003 1:33 PM
Subject: Re: namedroppers, continued



Hello Mr. Wood,

----- Original Message -----
From: "Lloyd Wood" <l(_dot_)wood(_at_)eim(_dot_)surrey(_dot_)ac(_dot_)uk>
To: "Doug" <Dougxx2(_at_)carolina(_dot_)rr(_dot_)com>
Cc: <Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu>; <ietf(_at_)ietf(_dot_)org>
Sent: Tuesday, January 07, 2003 7:05 AM
Subject: Re: namedroppers, continued



Doug has rediscovered the idea of closing open mail relays to

prevent

unauthorised use by outsiders sending to outsiders. This was a big
thing in the early 90s when email became popular.


This may seem to be a bit basic for some of the people who have worked
on this problem for years. My intention was not to prove that I had
the latest and greatest solution to the spam problem. It was to get
the ball rolling in an open discussion forum and present my ideas on
the topic in the hopes that someone who knew more than me on the topic
would as well.



Doug has also come up with the idea of adding the IP address of the
originating client machine (not necessarily using SMTP) in a header
so that an attempt can be made to identify it - e.g. Hotmail has

done

that for years.


After examining the headers of many of the spam advertisments I get
and trying to contact the administrator of the network it came from I
find that it is usually futile because the network doesn't exist and
the IP information is incorrect. I also find that most use false
sender and reply address information (in an attempt to keep recipiants
from filtering them). This makes it hard (at least for me) to do
anything about them. I have experimented with filters for subject
wording but this unfortunately hits on some of my wanted email as
well. This reduces my ability to to block them on the receiving end.
Even if I could it doesn't help the net congestion they cause or do
anything about the processing time it is using across the net. These
things leads me to propose that a more global solution needs to be
implemented. The problem here is that when you bring this up for
discussion in a professional environment like this one people don't
want to discuss it. Instead they consider it a problem that has no
solution and just want to forget about it.



L.

missing mail admin experience, I think.


Very true. I have never administered anything other than my http and
ftp servers. I have thought of turning on the mailserver but I do not
know enough about administering it yet and I really have no need for
it. I certainly hope that nobody thought I actually ran my own mail
server because I was not my intention to pretend that I did.

It is nice to see someone with more knowledge and/or experience on the
topic than me taking the time to think (and talk) about it.

Thanks for the input,
Doug
Asking questions, presenting possible solutions, and learning from
mistakes is how we get solutions.
---------------snipped previous for sake of size------------------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Please recant or appologize to Jim Flemming, Peter Deutsch
Next by Date:  FW: Please recant or appologize to Jim Flemming, Franck Martin
Previous by Thread:  RE: namedroppers, continued, Tony Hain
Next by Thread:  Re: email and spam (was: Re: namedroppers, continued), John C Klensin
Indexes:  [Date] [Thread] [Top] [All Lists]