[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Certificates

To: asrg at ietf.org
Subject: Re: [Asrg] Certificates
From: Seth Breidbart <sethb at panix.com>
Date: Sun, 25 Apr 2004 17:57:53 -0400 (EDT)
In-reply-to: <B0000030426@nts1.terabites.com> (gep2@terabites.com)
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <B0000030426@nts1.terabites.com>
Sender: asrg-admin at ietf.org

gep2@terabites.com wrote:

>>  In deciding which email to receive (or allow to bypass strong
>> filtration), would you trust an irrevocable certificate from TrustE?
>> How about one from Verislime?  How about a revocable certificate from
>> Spamhaus?
>>
>> If you want your email to be received, which of those would you buy?
>
> The bottom line, again, is that certificates (like SPF) ultimately
> DO NOT SOLVE THE PROBLEM of spamming for the terribly simple and
> obvious reason that machines possessing valid certificates will be
> infected by spambot zombies (in fact, since they're "certificated"
> they will be widely sought-after zombie targets).

And about 40 seconds after they start spewing, spamhaus revokes their
certificate.

> So your "certificate-approved" machine gets infected, and now it's
> pumping out "certificate-guaranteed" spam like there's no tomorrow.

For 40 seconds, maybe.

> Certificates, like SPF, E-postage, and other such lame ideas, simply
> don't solve the problem.  They do NOT guarantee that mail is, or is
> not, spam.

No, but they can help reduce the amount of mail that's misclassified.

> The nice thing about my approach... don't allow most users
> (i.e. those users without a GENUINE, AGREED NEED) to send you
> HTML-burdened mails (force the mail to plain ASCII text) and
> similarly don't allow most users (other than those you've negotiated
> with and approved in advance) to send you attachments (and open that
> window, guardedly, for only a few trusted senders and a few specific
> attachment types).
>
> THEN, for the stuff that has gotten through (and where most of the
> tricks for obscuring content have been denied to the sender), you
> put it through a good content filter which will identify the stuff
> as spam if it looks like spam.

There don't seem to be any such content filters that are good enough
now; requiring them as part of your solution doesn't make your
solution any more viable.

> My scheme virtually eliminates spams and worms being sent
> successfully (to ME at least) in E-mails,

"virtually"?  How do they ever get through?

> Making that first filtering of the HTML junk happen also greatly
> increases the effectiveness of the content filtering of what's left,
> since there are very many fewer tricks left available to spammers
> and abusers for obscuring the true content of their unwanted
> messages.

When it's necessary, they'll find more, just like they always have.

Seth

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

References:
- [Asrg] Certificates
  - From: gep2

Prev by Date: Re: [Asrg] Re: Answering a lot of questions about e-postage in afew sentences
Next by Date: Re: [Asrg] My take on e-postage
Previous by thread: [Asrg] Certificates
Next by thread: [Asrg] My take on e-postage
Index(es):
- Date
- Thread