RE: [Asrg] C/R Thoughts: Take 1

"Eric Dean" <eric@purespeed.com> Wed, 14 May 2003 02:45 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA07784 for <asrg-archive@odin.ietf.org>; Tue, 13 May 2003 22:45:21 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4E2BeV21330 for asrg-archive@odin.ietf.org; Tue, 13 May 2003 22:11:40 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4E2BeB21327 for <asrg-web-archive@optimus.ietf.org>; Tue, 13 May 2003 22:11:40 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA07780; Tue, 13 May 2003 22:44:51 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19FmI3-0001qY-00; Tue, 13 May 2003 22:46:47 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19FmI3-0001qV-00; Tue, 13 May 2003 22:46:47 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4E2AAB21282; Tue, 13 May 2003 22:10:10 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4E297B21221 for <asrg@optimus.ietf.org>; Tue, 13 May 2003 22:09:07 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA07735 for <asrg@ietf.org>; Tue, 13 May 2003 22:42:18 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19FmFa-0001pf-00 for asrg@ietf.org; Tue, 13 May 2003 22:44:14 -0400
Received: from ns2.tidalwave.net ([66.77.68.8] helo=mailgate.purespeed.com) by ietf-mx with esmtp (Exim 4.12) id 19FmFa-0001p9-00 for asrg@ietf.org; Tue, 13 May 2003 22:44:14 -0400
Received: from purespeed.com (mail.purespeed.com [66.77.69.8]) by mailgate.purespeed.com (Postfix Relay Hub) with ESMTP id C827C13994; Tue, 13 May 2003 22:47:15 -0400 (EDT)
Received: from HOMEY [68.100.19.195] by purespeed.com (SMTPD32-7.13) id ADA2D69B0122; Tue, 13 May 2003 22:44:50 -0400
From: Eric Dean <eric@purespeed.com>
To: "Eric S. Johansson" <esj@harvee.org>
Cc: Yakov Shafranovich <research@solidmatrix.com>, asrg@ietf.org
Subject: RE: [Asrg] C/R Thoughts: Take 1
Message-ID: <MBEKIIAKLDHKMLNFJODBOELMFCAA.eric@purespeed.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal
In-reply-to: <3EC19906.7080600@harvee.org>
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Tue, 13 May 2003 22:47:03 -0400
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

> we went over this terrain in the camram project a couple of years
> ago.  Anytime
> you make a response something that can be auto responded to, you
> create a hole
> for spammers.  one thing I believe to be very important is a list
> of signatures
> for messages recently sent and the challenge should contain a
> matching signature
> for the message it is challenging.  That way, when the challenge
> is handled, the
> mail user agent can verify that the client really did send a message the
> challenge was returned for by matching signature and destination address.

Well...what I'm thinking would allow for both.  I'm in the midst of writing
this up.  But we should support both an automated method of challenge
response verification as well as a manual method handled by the user.  In
this manner we would eliminate a certain type of spam..that which is forged.
Other types of spam would get handled in a different manner.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg