IETF Logo Mail Archive

Re: [Asrg] Some data on the validity of MAIL FROM addresses

"Alan DeKok" <aland@freeradius.org> Mon, 19 May 2003 12:53 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA19534 for <asrg-archive@odin.ietf.org>; Mon, 19 May 2003 08:53:54 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4JCMpn13292 for asrg-archive@odin.ietf.org; Mon, 19 May 2003 08:22:51 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4JCMpB13289 for <asrg-web-archive@optimus.ietf.org>; Mon, 19 May 2003 08:22:51 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA19520; Mon, 19 May 2003 08:53:24 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19HkAb-0003D4-00; Mon, 19 May 2003 08:55:13 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19HkAb-0003Cy-00; Mon, 19 May 2003 08:55:13 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4JCI8B13092; Mon, 19 May 2003 08:18:08 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4JCHeB13061 for <asrg@optimus.ietf.org>; Mon, 19 May 2003 08:17:40 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA19439 for <asrg@ietf.org>; Mon, 19 May 2003 08:48:13 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Hk5a-0003BN-00 for asrg@ietf.org; Mon, 19 May 2003 08:50:02 -0400
Received: from giles.striker.ottawa.on.ca ([192.139.46.36] helo=mail.nitros9.org ident=root) by ietf-mx with esmtp (Exim 4.12) id 19Hk5U-0003BE-00 for asrg@ietf.org; Mon, 19 May 2003 08:49:57 -0400
Received: from localhost ([127.0.0.1] helo=giles.striker.ottawa.on.ca ident=aland) by mail.nitros9.org with esmtp (Exim 3.34 #1) id 19HkHU-0002qR-00 for asrg@ietf.org; Mon, 19 May 2003 09:02:20 -0400
From: Alan DeKok <aland@freeradius.org>
To: asrg@ietf.org
Subject: Re: [Asrg] Some data on the validity of MAIL FROM addresses
In-Reply-To: Your message of "Sun, 18 May 2003 19:52:30 MDT." <200305190152.h4J1qUCp005609@calcite.rhyolite.com>
Message-Id: <E19HkHU-0002qR-00@mail.nitros9.org>
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Mon, 19 May 2003 09:02:20 -0400

Vernon Schryver <vjs@calcite.rhyolite.com> wrote:
> This issue seems like a minor nit until you notice how many proposed
> spam defenses are based on the assumption that most spam is forged,

  I've seen few defenses which make that assumption explicitely, or
even implicitely.

> so that spammers cannot receive DSNs and spammers are not authorized
> to use the sender addresses or SMTP clients they use.

  Which brings us back to the charter.  Here "authorized" == "consent".

  Q: How does the recipient of an email determine that the domain
     owner of the alleged "From:" consented to send that email?

>  For example, if 90% of spam is forged, then RMX, C/R, and
> authentication schemes could do a lot against spam (modulo their
> other problems).  If only 10% of spam is forged, then those schemes
> are limited to affecting that 10% fringe, albeit a very irritating
> fringe.

  These systems establish a consent framework for communication.  In
my opinion, explicite consent-based frameworks will be the only methods
by which the spam problem is solved.

  And until a better system is presented, it looks like attacking even
only 10% of the problem is the best option we have right now.

  Or do you have a better system you'd like to propose?  If so, I'm
all for dumping RMX, C/R, etc.

  Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.30.2 | Report a Bug | By Email | System Status