Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: How do you stop outgoing spam?

  • From: Valdis.Kletnieks
  • Date: Tue Sep 10 15:23:49 2002

On Tue, 10 Sep 2002 19:18:59 +0200, Iljitsch van Beijnum said:

> Or we throw out SMTP and adopt a mail protocol that requires the sender to
> provide some credentials that can't be faked. Then known spammers are easy
> to blacklist.

It's nice to say "we make it easy to blacklist spammers".  The problem is
that those systems that *HAVE* made it easy to blacklist spammers are *ALWAYS*
taking heat for making it easy - remember how ORBS was held in little high
regard?  And even the MAPS people have had their share of legal hassles.

We don't even have to throw out SMTP - there's STARTTLS, AUTH, PGP, and
so on.  The problem is that we don't know how to do a PKI that will
scale (note that the current SSL certificate scheme isn't sufficient, as
it usually does a really poor job of handling CRLs - and the *lack* of
ability to distribute a CRL (which is essentially a blacklist) is the crux
of the problem.  There's also the problem of distributing valid credentials
to half a billion people - while still preventing spammers from getting
any.  The DMV hasn't learned how to keep *teenagers* from getting fake ID's,
why should we expect to do any better in keeping a motivated criminal from
getting a fake credential?

It's not as easy as it looks. As Bruce Schneier talked about in "Secrets and
Lies", where he does a hypothetical threat analysis regarding getting dinner
in a restaurant without paying, most of the attacks actually have nothing to
do with the part of the transaction where money changes hands...

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

Attachment: pgp00009.pgp
Description: PGP signature




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.