On 27-mei-04, at 16:56, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
the proposals aren't even a workable solution to
the real problem (I've yet to see a proposal that works if the
spammers start
utilizing zombie machines that snarf the already-stored credentials of
the user
to send mail)....
It amazes me how many people are eager to declare defeat on the spam
problem.
Regardless of anything else, having authenticated mail allows
whitelisting. If credentials are compromised they're simply removed
from the whitelist. This should work well for all non-huge whitelists.
There is also the possibility of blacklisting known bad credentials.
Yes, spammers can steal credentials, but this is several orders of
magnitude more difficult than just generating a random from address as
can be done today. The question is whether spammers can obtain new
credentials (stolen or otherwise) faster than others can blacklist
them. For user-based credentials this could very well be the case
(although I'm not conceding to that), but for MTA-based credentials it
should be possible to rate limit the obtaining of a new identity such
that spammers can no longer reach critical mass. (I.e., wait a week
before you can use an MTA with a certain address, then spam an hour
before you're blacklisted reduces the amount of spam that can be sent
from an address by a factor 169.)
"The people who claim that something can't be done shouldn't get in the
way of the people doing it."
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf