[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fwd: [Asrg] Re: Documents for LMAP BOF]

To: "Hallam-Baker, Phillip" <pbaker at verisign.com>
Subject: Re: [Fwd: [Asrg] Re: Documents for LMAP BOF]
From: Yakov Shafranovich <research at solidmatrix.com>
Date: Mon, 09 Feb 2004 14:08:38 -0500
Cc: "'Alan DeKok'" <aland at ox.org>, asrg at ietf.org
In-reply-to: <C6DDA43B91BFDA49AA2F1E473732113E0A181A@mou1wnexm05.vcorp.ad.vrsn.com>
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Organization: SolidMatrix Technologies, Inc.
References: <C6DDA43B91BFDA49AA2F1E473732113E0A181A@mou1wnexm05.vcorp.ad.vrsn.com>
Sender: asrg-admin at ietf.org
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113

Hallam-Baker, Phillip wrote:

 99.99% of the spam I get is forged.  Call me naive, but this says to
me that spammers believe that forgery is an important part of the
spamming process.


The way I look at it the spammers are using the forgery to get round the
existing filter technology and blacklists. Deny them that tool and the
existing mechanisms become more effective.

it is a geschtalt thing.

What I find problematic is that there is an existing identity in email - IP addresses. If blacklists are made to be more feature rich, possibly becoming reputation services, that might help. So I am not sure why going to domain identity or sender identity makes a difference. One compelling argument made so far is that IP owners do not care if their identity gets stolen, but domain owners and senders do. IF you raise the cost for IP owners, they will start to care.

My second problem, is that there are multiple ways to introduce sender identity into email. We should stop back for a second, and look at the problem from a bird's eye view. If we were to be designed the email system from scratch, how would sender identity be implemented? Would spam still exist in such system?

Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"I ate your Web page. / Forgive me. It was juicy / And tart on my tongue." (MIT's 404 Message)
-------

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Fwd: [Asrg] Re: Documents for LMAP BOF]
  - From: Alan DeKok

References:
- RE: [Fwd: [Asrg] Re: Documents for LMAP BOF]
  - From: Hallam-Baker, Phillip

Prev by Date: [Asrg] 3b. SMTP Session Verification - LMAP Discussion Document Submittedas an ID
Next by Date: Re: [Fwd: [Asrg] Re: Documents for LMAP BOF]
Previous by thread: RE: [Fwd: [Asrg] Re: Documents for LMAP BOF]
Next by thread: Re: [Fwd: [Asrg] Re: Documents for LMAP BOF]
Index(es):
- Date
- Thread