Re: [Asrg] How about we do something about spam?

[Douglas Otis <dotis at mail-abuse.org>]

On Jan 30, 2007, at 10:25 AM, Michael Thomas wrote:

> The ability to route around damage was one of the key innovations  
> of the net.  I'd much rather keep that and look for other ways to  
> deal with our problems than reverting back to known dysfunction.

A great deal of dysfunction and risk is caused by SMTP extensions as  
well.  SPF/Sender-ID is a good example of a protocol that may cause  
hundreds of DNS transactions relating the bounce, PRA, or a DKIM  
domain with an SMTP client IP address.  (DKIM still allows replay.)   
Had the SMTP client name been validated, association with _any_ other  
originating domain within a message could be assured within a single,  
small, and safe DNS transaction.

Obfuscating roles of the client transmitting messages continues with  
the DKIM protocol.  Imposing a limitation on who's behalf the message  
is signed offers transmitting clients a means to extort private keys  
from domain owners using the service.  This will result in a security  
disaster when an MTA holding thousands of private keys becomes  
compromised.  Clients transmitting or signing email MUST be  
identifiable and spam MUST be made illegal.  Lack of SMTP client  
identification and spamming is _directly_ responsible for the spread  
of much of today's malware!

The criminal element has demonstrated individuals can not be easily  
tracked in today's Internet.  Those in the business of transmitting  
messages should identify their clients and not abuse network  
resources by allowing bulk unsolicited promotions of any sort.   
Identifying the client transmitting or signing messages does not mean  
individuals are being identified or that freedom has been lost.

-Doug




_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg