[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Please critique my anti-spam system

To: Seth Breidbart <sethb at panix.com>
Subject: Re: [Asrg] Please critique my anti-spam system
From: Danny Angus <Danny_Angus at slc.co.uk>
Date: Mon, 10 Jan 2005 09:23:46 +0000
Cc: asrg at ietf.org, asrg-bounces at ietf.org
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-bounces at ietf.org

> Create
> the lhs of the Message-ID signed with a private key that changes
> daily.  If the "response" doesn't have one you could have generated
> recently, it's bogus.

It is a compelling idea, but remember that the message id can be generated
at any of a number of different tiers (hops) and can't be altered once it
has been created. This itself isn't a problem. If each tier uses this
system we have a kind of granuarity of attribution (sent by me, sent by my
office, sent by my office's ISP) and gradually weakening "trust" but it
also means you need to publish the public keys upwards to allow any of the
higher tiers determine if the mail is sent by a legitimate subsidiary tier.

You would want to do this because it would allow you to remove bogus
messages near the top of the stack and save infrastructure resources by not
having to transfer it any further.

I'm sure that similar systems have been dicussed in the past, I know I've
discussed some ideas around trust based systems, I also think there is
still a lot of merit in the idea if it could be made to work. It seems that
dicussions faded out as people spiralled their ideas in towards MARID.

d.


***************************************************************************
The information in this e-mail is confidential and for use by the addressee(s) only. If you are not the intended recipient (or responsible for delivery of the message to the intended recipient) please notify us immediately on 0141 306 2050 and delete the message from your computer. You may not copy or forward it or use or disclose its contents to any other person. As Internet communications are capable of data corruption Student Loans Company Limited does not accept any  responsibility for changes made to this message after it was sent. For this reason it may be inappropriate to rely on advice or opinions contained in an e-mail without obtaining written confirmation of it. Neither Student Loans Company Limited or the sender accepts any liability or responsibility for viruses as it is your responsibility to scan attachments (if any). Opinions and views expressed in this e-mail are those of the sender and may not reflect the opinions and views of The Student Loans Company Limi!
 ted.

This footnote also confirms that this email message has been swept for the presence of computer viruses.

**************************************************************************

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Prev by Date: Re: [Asrg] Please critique my anti-spam system
Next by Date: Re: [Asrg] Reducing the amount of bogus challenges in Michael Kaplan's ISACS to (almost) zero
Previous by thread: Re: [Asrg] Please critique my anti-spam system
Next by thread: Re: [Asrg] Please critique my anti-spam system
Index(es):
- Date
- Thread