[62975] in North American Network Operators' Group
Blacklisting: obvious P2P app
daemon@ATHENA.MIT.EDU (neal rauhauser)
Wed Sep 24 16:44:21 2003
Date: Wed, 24 Sep 2003 13:21:23 -0500
From: neal rauhauser <neal@lists.rauhauser.net>
To: nanog@merit.edu
In-Reply-To: <1064429789.6059.24.camel@sljohnson.state.ar.us>
Errors-To: owner-nanog-outgoing@merit.edu
It has been mentioned in other places on the net (ok, yammerings on
slashdot, but this made a bit of sense) that blacklisting is a perfect
P2P application.
Each mailserver could keep a cryptographically verified list, the
list is distributed via some P2P mechanism, and DoS directed at the
'source' of the service only interrupts updates, and only does so until
the source slips an updated copy of the list to a few peers, and then
the update spreads. Spam is an economic activity and they won't DoS a
source if they know it won't help their situation.
I'm not an expert in DNS, email server configuration, or routing,
but it seems to me that the whole thing requires a distributed solution
to harden it against spammers, and that the logical place for this is
the SMTP daemon itself, possibly coupled with some global registry that
sells digital certs for a reasonable annual fee, much how domain names
are handled now (Verisign excluded, of course).
--
mailto:neal@lists.rauhauser.net
phone:402-301-9555
"After all that I've been through, you're the only one who matters,
you never left me in the dark here on my own" - Widespread Panic
