[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Asrg] Several Observations and a solution that addressesthem all

To: Jason Hihn <jhihn@paytimepayroll.com>
Subject: RE: [Asrg] Several Observations and a solution that addressesthem all
From: Kee Hinckley <nazgul@somewhere.com>
Date: Tue, 11 Mar 2003 16:04:15 -0500
Cc: Valdis.Kletnieks@vt.edu, ASRG <asrg@ietf.org>
In-reply-to: <NGBBLHANMLKMHPDGJGAPOECOCEAA.jhihn@paytimepayroll.com>
List-archive: <https://www1.ietf.org/pipermail/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <NGBBLHANMLKMHPDGJGAPOECOCEAA.jhihn@paytimepayroll.com>
Sender: asrg-admin@ietf.org

At 2:21 PM -0500 3/11/03, Jason Hihn wrote:

We now have a traceable route back to the spammer. At there very least, we
have their MX IP, which can be traced to their ISP and so on.

As I have said before on this list. There are spammers out there who are registering new domains every week. They don't forge their domains, and you can't blacklist them based on the domain because it keeps changing. If we require domain authentication, then all spammers will move towards this model. That is not necessarily a bad thing, but it argues for a level of authentication that comes with certificates and certificate revocation.

As for "nailing" the spammer...

He sets up an authentication server on a dialup connection. He uses a free dynamic dns system to point his mx at the dialup. And then he sends spam from all over the world using proxies and relays. Anyone who gets email checks the mx, that sends them to his dialup machine, and it says the mail is valid.

What happens if you report him to his ISP? He loses his dialup connection. Just like now.

So then I suppose the ISPs block inbound connections to your authentication port. And then once that happens someone starts up a server offshore selling authentication services for domains. And they keep moving the IP address around using different relays at different offshore machines.

In other words--we are fighting the same battle then as now, just in a different space.

Just as content filtering doesn't detect spam, it detects content. Domain authentication doesn't identify spammers, it identifies domains. Both are very useful. I'd love a mechanism that kept people from forging my domain name. But it won't stop spam. Nor (as described) will it drive the spammers into a small enough box that we can stop them.
--
Kee Hinckley
http://www.puremessaging.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- RE: [Asrg] Several Observations and a solution that addresses them all
  - From: Jason Hihn

References:
- RE: [Asrg] Several Observations and a solution that addresses them all
  - From: Jason Hihn

Prev by Date: Re: [Asrg] Email Certification Path Proposal
Next by Date: RE: [Asrg] DCC and IP checksums
Previous by thread: RE: [Asrg] Several Observations and a solution that addresses them all
Next by thread: RE: [Asrg] Several Observations and a solution that addresses them all
Index(es):
- Date
- Thread