[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Forgery in SMTP (was [Asrg] [1] Why SPAM is worse in SMTP than in other protocols)

To: asrg@ietf.org
Subject: Re: Forgery in SMTP (was [Asrg] [1] Why SPAM is worse in SMTP than in other protocols)
From: "Alan DeKok" <aland@ox.org>
Date: Wed, 24 Dec 2003 15:34:56 -0500
In-reply-to: Your message of "Wed, 24 Dec 2003 12:34:32 EST." <3FE9CE28.9000105@zemos.net>
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-admin@ietf.org

Philip Miller <millenix@zemos.net> wrote:
> There are two problems caused by the potential forgery that is possible in SMTP:
> 1. Filtering by sender's address is hard when someone could forge a friend's
> address.

  Which is where accountability comes in.

> 2. One can't hold the victim of the forgery accountable for the junk
> transmitted.

  Why not?  If they haven't done anything to prevent the (ab)use of
their name, how can the recipient tell if a message is real, or
abusive?

  If they have made public statements about accountability, then they
can prevent forgery by allowing the recipient to verify that
accountability.

  e.g. You can't rent a car unless you show identification.  It's not
a government conspiracy, it's so that the rental agency can make you
pay, if you wrap the car around a tree.

> Accountability is a much thornier issue. Technical solutions are attractive,
> but they require widespread buy-in before one can start rejecting messages
> that don't have a sender to hold accountable.

  Exactly.  The single largest problem with LMAP is the sheer number
of people who won't be using it.

> If the owner of an IP address were held responsible for mail
> transmitted from that address, there would be specific motivation
> for everyone to do their part towards security.

  In many jurisdictions, communications providers are indemnified for
any illegal activities by their customers.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: Forgery in SMTP (was [Asrg] [1] Why SPAM is worse in SMTP than in other protocols)
  - From: Walter Dnes

References:
- Forgery in SMTP (was [Asrg] [1] Why SPAM is worse in SMTP than inother protocols)
  - From: Philip Miller

Prev by Date: Re: [Asrg] Re: Why SPAM is worse in SMTP than in other protocols
Next by Date: Re: Forgery in SMTP (was [Asrg] [1] Why SPAM is worse in SMTP than in other protocols)
Previous by thread: Forgery in SMTP (was [Asrg] [1] Why SPAM is worse in SMTP than inother protocols)
Next by thread: Re: Forgery in SMTP (was [Asrg] [1] Why SPAM is worse in SMTP than in other protocols)
Index(es):
- Date
- Thread