[51929] in North American Network Operators' Group


Re: How do you stop outgoing spam?

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Sep 10 15:22:24 2002

To: Iljitsch van Beijnum <iljitsch@muada.com>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Tue, 10 Sep 2002 19:18:59 +0200."
             <20020910190949.N24761-100000@sequoia.muada.com> 
From: Valdis.Kletnieks@vt.edu
Date: Tue, 10 Sep 2002 15:21:55 -0400
Errors-To: owner-nanog-outgoing@merit.edu



On Tue, 10 Sep 2002 19:18:59 +0200, Iljitsch van Beijnum said:

> Or we throw out SMTP and adopt a mail protocol that requires the sender to
> provide some credentials that can't be faked. Then known spammers are easy
> to blacklist.

It's nice to say "we make it easy to blacklist spammers".  The problem is
that those systems that *HAVE* made it easy to blacklist spammers are *ALWAYS*
taking heat for making it easy - remember how ORBS was held in little high
regard?  And even the MAPS people have had their share of legal hassles.

We don't even have to throw out SMTP - there's STARTTLS, AUTH, PGP, and
so on.  The problem is that we don't know how to do a PKI that will
scale (note that the current SSL certificate scheme isn't sufficient, as
it usually does a really poor job of handling CRLs - and the *lack* of
ability to distribute a CRL (which is essentially a blacklist) is the crux
of the problem).  There's also the problem of distributing valid credentials
to half a billion people - while still preventing spammers from getting
any.  The DMV hasn't learned how to keep *teenagers* from getting fake ID's,
why should we expect to do any better in keeping a motivated criminal from
getting a fake credential?

It's not as easy as it looks. As Bruce Schneier talked about in "Secrets and
Lies", where he does a hypothetical threat analysis regarding getting dinner
in a restaurant without paying, most of the attacks actually have nothing to
do with the part of the transaction where money changes hands...

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech


