North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: How do you stop outgoing spam?
- From: Valdis.Kletnieks
- Date: Tue Sep 10 15:23:49 2002
On Tue, 10 Sep 2002 19:18:59 +0200, Iljitsch van Beijnum said:
> Or we throw out SMTP and adopt a mail protocol that requires the sender to
> provide some credentials that can't be faked. Then known spammers are easy
> to blacklist.
It's nice to say "we make it easy to blacklist spammers". The problem is
that those systems that *HAVE* made it easy to blacklist spammers are *ALWAYS*
taking heat for making it easy - remember how ORBS was held in little high
regard? And even the MAPS people have had their share of legal hassles.
We don't even have to throw out SMTP - there's STARTTLS, AUTH, PGP, and
so on. The problem is that we don't know how to do a PKI that will
scale (note that the current SSL certificate scheme isn't sufficient, as
it usually does a really poor job of handling CRLs - and the *lack* of
ability to distribute a CRL (which is essentially a blacklist) is the crux
of the problem. There's also the problem of distributing valid credentials
to half a billion people - while still preventing spammers from getting
any. The DMV hasn't learned how to keep *teenagers* from getting fake ID's,
why should we expect to do any better in keeping a motivated criminal from
getting a fake credential?
It's not as easy as it looks. As Bruce Schneier talked about in "Secrets and
Lies", where he does a hypothetical threat analysis regarding getting dinner
in a restaurant without paying, most of the attacks actually have nothing to
do with the part of the transaction where money changes hands...
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
Attachment:
pgp00009.pgp
Description: PGP signature
|
