[67586] in North American Network Operators' Group
Re: SMTP authentication for broadband providers
daemon@ATHENA.MIT.EDU (Mark Foster)
Fri Feb 13 10:23:56 2004
Date: Fri, 13 Feb 2004 07:23:20 -0800
From: Mark Foster <mark@foster.cc>
To: nanog@merit.edu
Mail-Followup-To: Mark Foster <mark@foster.cc>, nanog@merit.edu
In-Reply-To: <OF2F0E9809.359EF9AA-ON80256E39.003BDD9B-80256E39.003CE81F@radianz.com>
Errors-To: owner-nanog-outgoing@merit.edu
--bp/iNruPH9dso1Pn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Feb 13, 2004 at 11:05:16AM +0000, Michael.Dillon@radianz.com wrote:
>=20
> > To attack spam, we need to attack it at its core, not at some secondary=
=20
> or
> > tertiary side-effect, with a mechanism that also hurt legitimate users.
>=20
> We, as network operators don't need to attack spam. We need
> to ignore spam itself and get to work securing the network
> that enables spammers to do their dirty work.
=20
Much talk about using SMTP AUTH, but nothing about using STARTTLS?
Alone, SMTP AUTH is somewhat better, but requires that the passwords be sto=
red
plain-text on the server (CRAM-MD5 or DIGEST-MD5), or that the password=20
traverse the wire in plain-text (PLAIN or LOGIN).=20
So by requiring STARTTLS for SMTP AUTH the transmission can be encrypted an=
d=20
the passwords on the server encrypted as well.=20
Furthermore, if mail server admins step up and enable STARTTLS on their sys=
tems=20
it opens up the possibilities of using certificate verification and PKI.
--=20
Some days it's just not worth chewing through the restraints...
Mark Foster <mark@foster.cc> http://mark.foster.cc/
--bp/iNruPH9dso1Pn
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQFALOvnsP1x4ZySqYcRAsLAAJwKEvJYDhKpcNZCIZTYjlN1Ab7H9QCeIf1B
R6+jWqKiEipsS7RqC3qLGmM=
=LTty
-----END PGP SIGNATURE-----
--bp/iNruPH9dso1Pn--
