North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Micorsoft's Sender ID Authentication......?
- From: Matt Ghali
- Date: Thu Jun 09 20:41:59 2005
On Thu, 9 Jun 2005, Stephen Sprunk wrote:
If my grandmother has a "reputation" for sending legitimate email,
and she inadvertently installs some spam zombie software, it is
certainly feasible (and probably trivial) for the spammer to steal
all her credentials and thus her "reputation". Spam will get out
for a while, but once her "reputation" significantly degrades, it
will be stopped -- as will any future legitimate email from her.
No. You are (I suspect) deliberately ignoring the Big Picture.
Your grandmother, if she is like most grandmothers, does not have a
box coloed with a static IP from which she runs her own MTA. She
gets a dynamic address assignment from her ISP.
When her computer becomes infected with malware that causes it to
emit abusive traffic, the reputation for that IP (or its containing
netblock) is affected.
The longer her ISP allows the abusive traffic, the lower the
reputation becomes for that address (or its containing netblock).
So you see, the reputation has nothing to do with your mom, and
everything to do with the controlling entity, her ISP. Which makes
the whole address-based sender reputation scheme almost workable, if
you ignore the scaling issues.
This "solution" strikes me as worse than the problem it tries to
I'd never call it a "solution", but it is certainly a useful tool to
use along with others in order to more successfully manage the
The only thing necessary for the triumph
of evil is for good men to do nothing. - Edmund Burke