[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fwd: [Asrg] Re: Documents for LMAP BOF]

To: asrg at ietf.org
Subject: Re: [Fwd: [Asrg] Re: Documents for LMAP BOF]
From: "Alan DeKok" <aland at ox.org>
Date: Mon, 09 Feb 2004 10:38:19 -0500
In-reply-to: Your message of "Sun, 08 Feb 2004 17:17:20 EST." <4026B570.3080409@solidmatrix.com>
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-admin at ietf.org

Yakov Shafranovich <research@solidmatrix.com> wrote:
> If the entire purpose of these proposals is to make sure that the sender 
> is who he claims to be according to DNS information,

  I would say "has permission to claim association with a domain"

>  than what we could 
> do is create an ESMTP extension to pass sender's information to the 
> server MTA which will be verified via DNS. Since we need to change MTA 
> software to support sender rewriting schemes, we might as well add a new 
> extension instead, to pass that information explicitly.

  Sounds fine to me.  Can we have a show of hands from people in the
IETF who are *not* opposed to modifying SMTP?

> Of course this is just devil's advocate speaking :)

  Yes, and there are standard arguments against it:

 - it will take too long to deploy
 - it won't stop spam.

  My responses are:

 - it will take less time to deploy than waiting forever for a perfect
   solution
 - it's not intended to stop spam.  It's intended to allow the
   recipient to better deal with the spam he does get.

  99.99% of the spam I get is forged.  Call me naive, but this says to
me that spammers believe that forgery is an important part of the
spamming process.

  This addition would also get rid of the forged viruses & worms.  If
nothing else, it would make it plainly obvious who's stupid enough to
run a system which gets viruses.  Right now, I don't get viruses, but
I get tons of spam from software by antivirus companies, claiming to
have found a virus in a message I sent.  The fact that the viruses are
forged, and that their "notifications" are spam, is something the
virus companies apparently don't get.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Fwd: [Asrg] Re: Documents for LMAP BOF]
  - From: Yakov Shafranovich

Prev by Date: Re: [Asrg] Its all over for Challenge Response
Next by Date: Re: [Fwd: [Asrg] Re: Documents for LMAP BOF]
Previous by thread: Re: [Fwd: [Asrg] Re: Documents for LMAP BOF]
Next by thread: Re: [Fwd: [Asrg] Re: Documents for LMAP BOF]
Index(es):
- Date
- Thread