New hijacking - Done via via good old-fashioned Identity Theft

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Oct 7 13:44:29 UTC 2010


On Thu, 07 Oct 2010 12:10:37 -0000, Sven Olaf Kamphuis said:
> If what you're asking under point c is "what happens if a system that 
> contains such a password for your email address gets compromised" the 
> answer is simple, you remove that specific password from your approved 
> passwords list

140 million or so compromised systems.  You may be spending a lot of time
removing compromised passwords from your list - and even more problematic,
notifying everybody of the *new* password(s) they should use to e-mail to you.
So far this month, I've seen 4,964 mails from 1,090 different From: lines
(mostly due to a subscription to the linux-kernel list, which is a true fire
hose), and some 250 different SMTP MAIL FROM: sources.

> (note that on the receiver side, the password is not linked 
> to the source email address, senders can use any source email address they 
> want, as long as one of the currently active/accepted passwords is in the 
> email)

We'll overlook the fact that if the password isn't linked to the source
address, then *any* sender can use any source they want, as long as it's
known that *some* sender used '97%-chicken-teriyaki' as a password.  And with
140 million compromised boxes, there's a basically never-ending supply of
credentials to be stolen and used.

> remaining problems with this system are:
> by lack of a standard header for Password: which should be supported by 
> all clients, address books, online shops, mailinglists, we put the 
> password in the email, which means, that on Cc:'s and forwards etc
> the password got forwarded along with the email, potentially giving other 
> people the password too.

And you recognize that your scheme leaks said passwords, but that's not a fatal
problem.

> Now, this is -100%- spam stopping, smtp can be as open relay as you want, 
> the internet can be full of compromised windows boxes chunking out tons of 
> crap, but you won't get any spam, just mail from people YOU choose to deal 
> with, by actively -giving- them a password yourself, which you can also 
> -revoke-.

So explain to me in *detail* - you're in the To: line of this mail.  I don't
believe I've sent to you in the past.  I acquire a password valid to send you
this e-mail, how, exactly? After all, I can't e-mail you and ask for one...

After that, explain how a Hotmail user migrates to GMail (or vice versa) and
retains their ability to contact everybody they used to contact.

You might want to look at this:

http://www.rhyolite.com/anti-spam/you-might-be.html

and see how many of the entries in the list apply to your proposal. (Nothing
personal - I don't think *any* realistic anti-spam proposal can get much
traction unless they've at least *thought* about every single bullet point on
that list).

Further discussion is probably best on SPAM-L.
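A toy model of the scheme as quoted above, added here as an illustration and not code from either poster; it assumes a hypothetical X-Password header and shows the two costs raised in the reply (a leaked password is accepted from any From: address, and revoking it means re-notifying everyone it was issued to):

```python
from email import message_from_string


class PasswordFilter:
    """Receiver-side filter for the 'password in the mail' proposal (toy model)."""

    def __init__(self):
        self.active = {}          # password -> set of senders it was issued to
        self.notifications = []   # (sender, password) messages we would have to send out

    def issue(self, sender, password):
        """Hand a sender a password and record that they must be told about it."""
        self.active.setdefault(password, set()).add(sender)
        self.notifications.append((sender, password))

    def accept(self, raw_message):
        """Accept any message carrying a currently active password.

        As described in the quoted proposal, the check never consults From:,
        so whoever holds the password gets through regardless of origin.
        """
        msg = message_from_string(raw_message)
        password = msg.get("X-Password")   # hypothetical header name, assumed here
        return password in self.active

    def revoke(self, password, replacement):
        """Revoke a leaked password; returns the senders who must be given the replacement."""
        holders = self.active.pop(password, set())
        for sender in holders:
            self.issue(sender, replacement)
        return holders


def leak_scenario():
    """Constructed scenario: a legitimate sender's mail is forwarded, the header travels with it."""
    f = PasswordFilter()
    f.issue("alice@example.org", "97%-chicken-teriyaki")
    legit = "From: alice@example.org\nX-Password: 97%-chicken-teriyaki\n\nhi\n"
    # Third party reuses the forwarded header with its own From: line.
    forged = "From: someone-else@example.net\nX-Password: 97%-chicken-teriyaki\n\nhello\n"
    before = (f.accept(legit), f.accept(forged))
    must_notify = f.revoke("97%-chicken-teriyaki", "new-secret-2")
    after = f.accept(forged)
    return before, must_notify, after, len(f.notifications)


if __name__ == "__main__":
    print(leak_scenario())
```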
