Spam Control Considered Harmful

John A. Tamplin jat at
Wed Oct 29 20:37:53 UTC 1997

On Wed, 29 Oct 1997, Richard Welty wrote:

> there is provision for sender verification in the exim MTA (a drop in 
> sendmail replacement that a lot of people are starting to switch to.)
> i used it for a while, but it's overly sensitive to sluggish and/or 
> malconfigured DNS in its current form, so i had to turn it off to 
> avoid complaints about legitimate business related email getting 
> canned by administrative prohibition.
> the verification only assured that the domain in the helo was legit, 
> and the domain in the mail from: was legit; it didn't do anything 
> useful for spammers with addresses like 12345678 at, 
> unfortunately.

Even if AOL allowed VRFY so you could connect back to them and verify
that the given address was valid, you still have the problem of what if
the message being sent isn't sent by the owner of that address.  I could
easily send mail that had postmaster at as the from address, and that
is certainly a valid from address, but it isn't the correct one.

The problem is that fundamentally you can verify that the supplied from 
address is "correct" based solely on what is supplied in the message.  The
only way I know to do this is to also require something that is not sent
in the message, but is reflected in the message, such as a digital signature.

If every MTA signed outgoing messages, the receiving MTA could then decide
whether to accept that message based on the certifying authority chain. 
You can then rely on CA's policies to base your acceptance of incoming
mail.  If you get spammed, you know who did it by the signature, you
report it to their CA (assuming the CA's policy says you can't send out
unsolicited email), they investigate it and revoke their certificate if
they broke the rules. If say, an ISP has a dialup customer send spam, they
should be able to demonstrate the user that sent it has been terminated
and avoid being decertified.  Of course, some CAs could require proactive
policies (require correct from address at that ISP, limit the number of
outgoing messages, block connections to third-party MTAs, etc) in the ISP,
and someone that wanted to make sure they didn't get any spam would only
accept messages signed by those CAs with that policy. 

I'm not naive enough to think this (or any similarly effective 
implementation) will actually be done any time soon.  There are simply too
many MTAs out there, many of which are never upgraded.  I do think that
something along these lines which allow the technology to enforce policy 
automatically is the only way to truly eliminate spam.

John Tamplin					Traveller Information Services
jat at Traveller.COM				2104 West Ferry Way
205/883-4233x7007				Huntsville, AL 35801
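
Added example, not part of the original post: a sketch of the receiving-MTA decision described in the message above, where the sending MTA signs the message, a CA certifies the MTA's key, and the receiver accepts only mail whose certificate comes from a CA whose policy it trusts and has not been revoked. Textbook RSA over fixed Mersenne primes stands in for a real signature scheme and is not secure; the CA names, host names, certificate layout and function names are all assumptions made for illustration.

```python
import hashlib
E = 65537  # public exponent shared by every toy key

def keypair(p, q):  # toy RSA key from fixed primes: (modulus n, private d)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    return pow(digest(data, key[0]), key[1], key[0])

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def issue(ca_name, ca_key, mta, mta_n):  # CA binds an MTA name to its modulus
    return {"ca": ca_name, "mta": mta, "n": mta_n,
            "sig": sign(f"{mta}|{mta_n}".encode(), ca_key)}

def accept(msg, msg_sig, cert, trusted_cas, revoked):
    """Receiving MTA's decision; returns (accepted, reason)."""
    ca_n = trusted_cas.get(cert["ca"])
    if ca_n is None:
        return False, "CA policy not accepted here"
    if not verify(f"{cert['mta']}|{cert['n']}".encode(), cert["sig"], ca_n):
        return False, "certificate not signed by that CA"
    if (cert["ca"], cert["mta"]) in revoked:
        return False, "certificate revoked"
    if not verify(msg, msg_sig, cert["n"]):
        return False, "message signature invalid"
    return True, "accepted"

def demo():
    # Constructed sample data; 2**k - 1 is prime for every k used below.
    strict_ca = keypair(2**89 - 1, 2**107 - 1)
    lax_ca = keypair(2**127 - 1, 2**521 - 1)
    isp = keypair(2**31 - 1, 2**61 - 1)
    trusted = {"strict-ca": strict_ca[0]}  # receiver accepts only this CA
    good = issue("strict-ca", strict_ca, "mail.isp.example", isp[0])
    lax = issue("lax-ca", lax_ca, "mail.isp.example", isp[0])
    msg = b"From: user@isp.example\r\n\r\nhello"
    sig = sign(msg, isp)
    return [accept(msg, sig, good, trusted, set()),
            accept(msg.replace(b"user@", b"postmaster@"), sig, good, trusted, set()),
            accept(msg, sig, lax, trusted, set()),
            accept(msg, sig, good, trusted, {("strict-ca", "mail.isp.example")})]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The four cases in `demo()` are, in order: a correctly signed message, the same signature reused on a message whose From line was changed, a certificate from a CA the receiver does not trust, and a certificate the trusted CA has revoked.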
