[Asrg] Locked addresses (was Do we need to do anything?
"David F. Skoll" <dfs@roaringpenguin.com> Fri, 07 March 2003 02:11 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA24256 for <asrg-archive@odin.ietf.org>; Thu, 6 Mar 2003 21:11:53 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h272NBT07425 for asrg-archive@odin.ietf.org; Thu, 6 Mar 2003 21:23:11 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h272NBO07422 for <asrg-web-archive@optimus.ietf.org>; Thu, 6 Mar 2003 21:23:11 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA24244 for <asrg-web-archive@ietf.org>; Thu, 6 Mar 2003 21:11:22 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h272L2O07214; Thu, 6 Mar 2003 21:21:02 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h272L0O07199 for <asrg@optimus.ietf.org>; Thu, 6 Mar 2003 21:21:00 -0500
Received: from ottawa-hs-209-217-122-117.s-ip.magma.ca (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA24137 for <asrg@ietf.org>; Thu, 6 Mar 2003 21:09:10 -0500 (EST)
Received: from shishi.roaringpenguin.com (shishi.roaringpenguin.com [192.168.2.3]) by shevy.roaringpenguin.com (8.12.8/8.12.8) with ESMTP id h272BGBD021605 for <asrg@ietf.org>; Thu, 6 Mar 2003 21:11:16 -0500
From: "David F. Skoll" <dfs@roaringpenguin.com>
To: asrg@ietf.org
In-Reply-To: <Pine.LNX.4.44.0303062118110.13719-100000@localhost.localdomain>
Message-ID: <Pine.LNX.4.53.0303062056270.4729@shishi.roaringpenguin.com>
References: <Pine.LNX.4.44.0303062118110.13719-100000@localhost.localdomain>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Subject: [Asrg] Locked addresses (was Do we need to do anything?
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 06 Mar 2003 21:11:16 -0500
On Thu, 6 Mar 2003, Matt Sergeant wrote: > What about address books? And people who give other people your address? Ah. This is solved by having different classes of addresses. Consider a Domain-locked address. The address "ephem-ajh4u34b@roaringpenguin.com" only accepts mail from the roaringpenguin.com domain. That's the address that gets published in the internal company directory. (For that matter, for the internal company directory, you might as well use "dfs@roaringpenguin.com"). Domain-locked addresses are also good if you're communicating with several people at another organization. Yes, if one of those people tries to email you from a Yahoo account, it will bounce. Well, too bad. Sender-locked addresses are more restricted. The address "ephem-dkn435nfu@roaringpenguin.com" only accepts mail from "rose@artandframingsolutions.com", period. She can keep that address in her address book, and it will work just fine. Time-locked addresses are what you post in newsgroups. They accept mail from anyone, but only for a very limited time. Challenge-locked addresses are what you use for your permanent point of contact for strangers. Challenge-locked addresses send a challenge back to senders; if the challenge is met successfully, the sender is given a sender-locked address to use. Later on, you might magnanimously hand out a domain-locked address, if you choose. Depending on your policy, you might have sender-locked addresses issue a challenge if the wrong sender tries to use them; this covers the innocent case of someone giving out your address to a friend. There's a terrific side-benefit from sender-locked addresses: If your correspondent is silly enough to use M$ LookOUT!, and gets hit by a virus, a nice thing happens: Most viruses nowadays pick two random addresses from the address book. They use one as the sender and the other as the recipient. Well, mail (supposedly) NOT from rose@... to ephem-dkn... will bounce. Furthermore, by looking at the destination address, you can phone up rose@ and say "I think you might have a virus; please check", whereas currently, you have few clues as to who the real infected party is. Locked-addresses require no MUA changes. All of the magic can be implemented on the server. To get back to the broader picture mandated by the charter: Rather than looking hard for ways to tie down an address to an identity, so that we can track persistent spammers, it might be much easier and just as productive to look for ways to dissociate e-mail addresses from any kind of permanent identity, ensuring that spammers' lists are rendered useless, and amplifying the effectiveness of the measure-bounce-percentage proposal I made earlier. -- David. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Do we need to do anything? Clayton, Nik [IT]
- Re: [Asrg] Do we need to do anything? Jon Kyme
- Limitations of filters (was Re: [Asrg] Do we need… David F. Skoll
- Re: [Asrg] Do we need to do anything? Hadmut Danisch
- Re: Limitations of filters (was Re: [Asrg] Do we … wayne
- Re: [Asrg] Do we need to do anything? James McIninch
- Re: Limitations of filters (was Re: [Asrg] Do we … David F. Skoll
- Re: Limitations of filters (was Re: [Asrg] Do we … Chris Lewis
- Re: [Asrg] Do we need to do anything? Matt Sergeant
- Re: [Asrg] Do we need to do anything? Jim Youll
- Re: [Asrg] Do we need to do anything? David F. Skoll
- Re: [Asrg] Do we need to do anything? wayne
- Re: [Asrg] Do we need to do anything? Justin Mason
- Re: [Asrg] Do we need to do anything? Jim Youll
- Re: [Asrg] Do we need to do anything? Nate W
- Re: [Asrg] Do we need to do anything? Matt Sergeant
- Re: [Asrg] Do we need to do anything? Kee Hinckley
- Re: [Asrg] Do we need to do anything? Chris Lewis
- Re: [Asrg] Do we need to do anything? william
- Re: [Asrg] Do we need to do anything? Jim Youll
- Re: [Asrg] Do we need to do anything? Chris Fedde
- RE: [Asrg] Do we need to do anything? Hallam-Baker, Phillip
- Re: [Asrg] Do we need to do anything? Matt Sergeant
- Re: [Asrg] Do we need to do anything? Jim Youll
- Re: [Asrg] Do we need to do anything? David F. Skoll
- [Asrg] Locked addresses (was Do we need to do any… David F. Skoll
- Re: Limitations of filters (was Re: [Asrg] Do we … Alan DeKok
- Re: [Asrg] Locked addresses (was Do we need to do… Kee Hinckley
- Re: [Asrg] Do we need to do anything? Kee Hinckley
- Re: [Asrg] Do we need to do anything? Jim Youll
- Re: [Asrg] Locked addresses (was Do we need to do… David F. Skoll
- Re: [Asrg] Do we need to do anything? Kee Hinckley
- Re: [Asrg] Locked addresses (was Do we need to do… Kee Hinckley
- Re: [Asrg] Locked addresses (was Do we need to do… David F. Skoll
- Re: [Asrg] Do we need to do anything? Jim Youll
- RE: [Asrg] Locked addresses (was Do we need to do… Gary Feldman
- Re: [Asrg] Locked addresses (was Do we need to do… Mark Delany
- Re: [Asrg] Locked addresses (was Do we need to do… Hadmut Danisch
- Re: [Asrg] Locked addresses (was Do we need to do… Kee Hinckley
- Re: [Asrg] Locked addresses (was Do we need to do… David F. Skoll
- Re: [Asrg] Locked addresses (was Do we need to do… Kee Hinckley
- Re: [Asrg] Locked addresses (was Do we need to do… David F. Skoll
- Re: [Asrg] Locked addresses (was Do we need to do… Kee Hinckley