Re: [Asrg] New proposal for spam blocking: Greylisting
Vernon Schryver <vjs@calcite.rhyolite.com> Sat, 21 June 2003 04:50 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA19728 for <asrg-archive@odin.ietf.org>; Sat, 21 Jun 2003 00:50:31 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5L4o4B13405 for asrg-archive@odin.ietf.org; Sat, 21 Jun 2003 00:50:04 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19TaKC-0003U8-Jo for asrg-web-archive@optimus.ietf.org; Sat, 21 Jun 2003 00:50:04 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA19718; Sat, 21 Jun 2003 00:50:00 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19TaKA-0005fW-00; Sat, 21 Jun 2003 00:50:02 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19TaK9-0005fT-00; Sat, 21 Jun 2003 00:50:01 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19TaK9-0003SG-Cr; Sat, 21 Jun 2003 00:50:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19TaJP-0003Ru-FB for asrg@optimus.ietf.org; Sat, 21 Jun 2003 00:49:15 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA19711 for <asrg@ietf.org>; Sat, 21 Jun 2003 00:49:11 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19TaJM-0005fL-00 for asrg@ietf.org; Sat, 21 Jun 2003 00:49:12 -0400
Received: from calcite.rhyolite.com ([192.188.61.3]) by ietf-mx with esmtp (Exim 4.12) id 19TaJL-0005fI-00 for asrg@ietf.org; Sat, 21 Jun 2003 00:49:12 -0400
Received: (from vjs@localhost) by calcite.rhyolite.com (8.12.10.Beta0/8.12.10.Beta0) id h5L4nBAI007729 for asrg@ietf.org env-from <vjs>; Fri, 20 Jun 2003 22:49:11 -0600 (MDT)
From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200306210449.h5L4nBAI007729@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: Re: [Asrg] New proposal for spam blocking: Greylisting
References: <NVTRD7185DFF@novitraq.com>
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Fri, 20 Jun 2003 22:49:11 -0600
> From: Elric Pedder <elric@novitraq.com> > ... > If only a hash of the triplet were stored, would this solve > the privacy issue? No. Consider a "dictionary attack." If you have a copy of the database and want to know if Steve Case sent Bill Gates a message, you hash those two addresses with a likely IP address and see if you can get a hit in the database. If you do not know the exact IP address, you can guess it is one of a few thousand (or at most a billion) and make the corresponding few thousand (or billion) probes of your copy of the database. Like a dictionary attack on /etc/passwd, this attack may not be quick, but it is effective. Whether the hash is easily reversible like CRC-32 or a cryptographic function like SHA or MD5 is irrelevant except perhaps for the speed of the attack. This sort of thing is why hashes of target addresses are not sent by DCC clients to servers to be stored in the distributed database. It is also why none of the hashes of mail from white-listed senders or to non-participating receivers is sent to DCC servers by clients. It might be interesting to consider something similar for the Greylisting database. What if only the IP address of the SMTP client and the Rcpt_To value is checked? I saw some comments about available counter-attacks by spammers, but I don't recall seeing a clear description of the easiest. Spammers do not need to do real queuing to get though a greylist. They need only send to the same target list from the same SMTP client a few hours after an initial spew. Mailboxes protected by a greylist will accept the second copy. Other mailboxes will see two copies. That wouldn't be remarkable, because some spammers are already hitting individual addresses with several copies per spew. Vernon Schryver vjs@rhyolite.com _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- Re: [Asrg] New proposal for spam blocking: Greyli… Scott Nelson
- [Asrg] New proposal for spam blocking: Greylisting Evan Harris
- Re: [Asrg] New proposal for spam blocking: Greyli… Yakov Shafranovich
- Re: [Asrg] New proposal for spam blocking: Greyli… Vernon Schryver
- Re: [Asrg] New proposal for spam blocking: Greyli… Jon Kyme
- Re: [Asrg] New proposal for spam blocking: Greyli… Yakov Shafranovich
- Re: [Asrg] New proposal for spam blocking: Greyli… Evan Harris
- Re: [Asrg] New proposal for spam blocking: Greyli… Evan Harris
- Re: [Asrg] New proposal for spam blocking: Greyli… John Morris
- Re: [Asrg] New proposal for spam blocking: Greyli… Vernon Schryver
- Re: [Asrg] New proposal for spam blocking: Greyli… Evan Harris
- Re: [Asrg] New proposal for spam blocking: Greyli… Evan Harris
- Re: [Asrg] New proposal for spam blocking: Greyli… Dave Crocker
- Re: [Asrg] New proposal for spam blocking: Greyli… Vernon Schryver
- Re: [Asrg] New proposal for spam blocking: Greyli… Vernon Schryver
- Re: [Asrg] New proposal for spam blocking: Greyli… Yakov Shafranovich
- Re: [Asrg] New proposal for spam blocking: Greyli… Evan Harris
- Re: [Asrg] New proposal for spam blocking: Greyli… Evan Harris
- Re: [Asrg] New proposal for spam blocking: Greyli… Dave Crocker
- Re: [Asrg] New proposal for spam blocking: Greyli… Yakov Shafranovich
- Re: [Asrg] New proposal for spam blocking: Greyli… Evan Harris
- Re: [Asrg] New proposal for spam blocking: Greyli… Evan Harris
- Re: [Asrg] New proposal for spam blocking: Greyli… Vernon Schryver
- Re: [Asrg] New proposal for spam blocking: Greyli… Benjamin Geer
- Re: [Asrg] New proposal for spam blocking: Greyli… Evan Harris
- Re: [Asrg] New proposal for spam blocking: Greyli… John Morris
- Re: [Asrg] New proposal for spam blocking: Greyli… Elric Pedder
- Re: [Asrg] New proposal for spam blocking: Greyli… Vernon Schryver
- Re: [Asrg] New proposal for spam blocking: Greyli… John Morris
- Re: [Asrg] New proposal for spam blocking: Greyli… Kee Hinckley
- RE: [Asrg] New proposal for spam blocking: Greyli… Elric Pedder
- RE: [Asrg] New proposal for spam blocking: Greyli… Vernon Schryver
- RE: [Asrg] New proposal for spam blocking: Greyli… Clayton, Nik [IT]
- RE: [Asrg] New proposal for spam blocking: Greyli… David F. Skoll
- RE: [Asrg] New proposal for spam blocking: Greyli… Evan Harris