How do you stop outgoing spam?
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Tue Sep 10 19:21:55 UTC 2002
On Tue, 10 Sep 2002 19:18:59 +0200, Iljitsch van Beijnum said:
> Or we throw out SMTP and adopt a mail protocol that requires the sender to
> provide some credentials that can't be faked. Then known spammers are easy
> to blacklist.
It's nice to say "we make it easy to blacklist spammers". The problem is
that those systems that *HAVE* made it easy to blacklist spammers are *ALWAYS*
taking heat for making it easy - remember how ORBS was held in little high
regard? And even the MAPS people have had their share of legal hassles.
We don't even have to throw out SMTP - there's STARTTLS, AUTH, PGP, and
so on. The problem is that we don't know how to do a PKI that will
scale (note that the current SSL certificate scheme isn't sufficient, as
it usually does a really poor job of handling CRLs - and the *lack* of
ability to distribute a CRL (which is essentially a blacklist) is the crux
of the problem. There's also the problem of distributing valid credentials
to half a billion people - while still preventing spammers from getting
any. The DMV hasn't learned how to keep *teenagers* from getting fake ID's,
why should we expect to do any better in keeping a motivated criminal from
getting a fake credential?
It's not as easy as it looks. As Bruce Schneier talked about in "Secrets and
Lies", where he does a hypothetical threat analysis regarding getting dinner
in a restaurant without paying, most of the attacks actually have nothing to
do with the part of the transaction where money changes hands...
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20020910/d8f68563/attachment.sig>
More information about the NANOG
mailing list