[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] where the message originated

To: asrg at ietf.org
Subject: Re: [Asrg] where the message originated
From: John Levine <asrg at johnlevine.com>
Date: 11 Jan 2009 22:39:23 -0000
Delivered-to: ietfarch-asrg-web-archive at core3.amsl.com
Delivered-to: asrg at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=k0812; i=johnl at user.iecc.com; bh=W6Bsx70lbODoWIpliSDZxj5HQhrrT4wCt5D49Lwopoc=; b=GcL1pjf3EgqbvrO/9iclIIcMkswFMB273iZ6Pklym92+9eP33vv/0+4EF50I3rnIsWeph6ca4UYz6aaqIxGHI9RC0Ee0H3U73/zAVUKTm4D8JE85WGi5Z3XTn8IOTZVJ4CpJsBDT00MEK0F2+ASjm0EUiIzYKZlDummSLuJp4fE=
In-reply-to: <496A6B33.4010606 at terabites.com>
List-archive: <http://www.irtf.org/pipermail/asrg>
List-help: <mailto:asrg-request@irtf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-post: <mailto:asrg@irtf.org>
List-subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
List-unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
Organization:
Reply-to: Anti-Spam Research Group - IRTF <asrg at irtf.org>
Sender: asrg-bounces at irtf.org

>That's precisely the point.  I am not using my habitual mail client, nor 
>am I using my own familiar webmail service.  I am using a mail 
>kiosk-type service which allows me to enter a subject, my return 
>address, a to address, and the body of my mail.

Yeah, it's just one more way that the bad guys have screwed up mail
for everyone else.  The trickle of mail with random to and from
addresses coming out of a mail kiosk is pretty much indistinguishable
from a zombie, so it's not surprising that they have trouble getting
mail through.  Poorly conceived path authentication systems like SPF
don't help, since they encourage people to claim that their mail can
only come from their usual server.

Assuming DKIM gets traction, I can see that kiosk vendors will sign
all their mail  with the kiosk's domain which will, with luck, get
a good enough reputation that receivers will say, oh, that's KioskCo,
their mail is OK.  (This is an example, by the way, of the reason that
finer grain reputation is not always better.)

In the meantime, if you want to send mail while you're on the road,
you better either get a laptop with a MUA configured to relay through
home, or web mail.

> > If not, assuming you won't configure an email client, you should use 
>company's webmail server.
>
>That's not an option, and nor can I configure what e-mail server is 
>being used.

Too bad.  I think it would be clearer to say that whoeveFrom asrg-bounces at irtf.org  Sun Jan 11 14:39:45 2009
Return-Path: <asrg-bounces at irtf.org>
X-Original-To: asrg-archive at optimus.ietf.org
Delivered-To: ietfarch-asrg-archive at core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id E5A993A6AED;
	Sun, 11 Jan 2009 14:39:44 -0800 (PST)
X-Original-To: asrg at core3.amsl.com
Delivered-To: asrg at core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id D01E93A6AED
	for <asrg at core3.amsl.com>; Sun, 11 Jan 2009 14:39:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.832
X-Spam-Level: 
X-Spam-Status: No, score=-14.832 tagged_above=-999 required=5
	tests=[AWL=0.067, BAYES_00=-2.599, RCVD_IN_BSP_TRUSTED=-4.3,
	RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id OpK4n9x+13dK for <asrg at core3.amsl.com>;
	Sun, 11 Jan 2009 14:39:39 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [208.31.42.53])
	by core3.amsl.com (Postfix) with ESMTP id 16E503A67CC
	for <asrg at ietf.org>; Sun, 11 Jan 2009 14:39:38 -0800 (PST)
Received: (qmail 21935 invoked by uid 100); 11 Jan 2009 22:39:23 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com;
	h=date:message-id:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding;
	s=k0812; i=johnl at user.iecc.com;
	bh=W6Bsx70lbODoWIpliSDZxj5HQhrrT4wCt5D49Lwopoc=;
	b=GcL1pjf3EgqbvrO/9iclIIcMkswFMB273iZ6Pklym92+9eP33vv/0+4EF50I3rnIsWeph6ca4UYz6aaqIxGHI9RC0Ee0H3U73/zAVUKTm4D8JE85WGi5Z3XTn8IOTZVJ4CpJsBDT00MEK0F2+ASjm0EUiIzYKZlDummSLuJp4fE=
Date: 11 Jan 2009 22:39:23 -0000
Message-ID: <20090111223923.21933.qmail at gal.iecc.com>
From: John Levine <asrg at johnlevine.com>
To: asrg at ietf.org
In-Reply-To: <496A6B33.4010606 at terabites.com>
Organization: 
X-Headerized: yes
Mime-Version: 1.0
Subject: Re: [Asrg] where the message originated
X-BeenThere: asrg at irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg at irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>,
	<mailto:asrg-request at irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/pipermail/asrg>
List-Post: <mailto:asrg at irtf.org>
List-Help: <mailto:asrg-request at irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>,
	<mailto:asrg-request at irtf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: asrg-bounces at irtf.org
Errors-To: asrg-bounces at irtf.org

>That's precisely the point.  I am not using my habitual mail client, nor 
>am I using my own familiar webmail service.  I am using a mail 
>kiosk-type service which allows me to enter a subject, my return 
>address, a to address, and the body of my mail.

Yeah, it's just one more way that the bad guys have screwed up mail
for everyone else.  The trickle of mail with random to and from
addresses coming out of a mail kiosk is pretty much indistinguishable
from a zombie, so it's not surprising that they have trouble getting
mail through.  Poorly conceived path authentication systems like SPF
don't help, since they encourage people to claim that their mail can
only come from their usual server.

Assuming DKIM gets traction, I can see that kiosk vendors will sign
all their mail  with the kiosk's domain which will, with luck, get
a good enough reputation that receivers will say, oh, that's KioskCo,
their mail is OK.  (This is an example, by the way, of the reason that
finer grain reputation is not always better.)

In the meantime, if you want to send mail while you're on the road,
you better either get a laptop with a MUA configured to relay through
home, or web mail.

> > If not, assuming you won't configure an email client, you should use 
>company's webmail server.
>
>That's not an option, and nor can I configure what e-mail server is 
>being used.

Too bad.  I think it would be clearer to say that whoever runs yr runs your
mail system doesn't consider the problem of sending mail on the road
to be serious enough to fix.

>In this case, however, the overly-broad-brush of poisoning ALL traffic 
>transiting an IP address just because it has sent "some" unwanted or 
>malicious mail can create a GREAT deal of serious collateral damage.

Quite true.  See comments above.

R's,
John
_______________________________________________
Asrg mailing list
Asrg at irtf.org
http://www.irtf.org/mailman/listinfo/asrg


our
mail system doesn't consider the problem of sending mail on the road
to be serious enough to fix.

>In this case, however, the overly-broad-brush of poisoning ALL traffic 
>transiting an IP address just because it has sent "some" unwanted or 
>malicious mail can create a GREAT deal of serious collateral damage.

Quite true.  See comments above.

R's,
John
_______________________________________________
Asrg mailing list
Asrg at irtf.org
http://www.irtf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] where the message originated
  - From: Alessandro Vesely

References:
- Re: [Asrg] where the message originated
  - From: Gordon Peterson

Prev by Date: Re: [Asrg] where the message originated
Next by Date: [no subject]
Previous by thread: Re: [Asrg] where the message originated
Next by thread: Re: [Asrg] where the message originated
Index(es):
- Date
- Thread