Re: [Asrg] VPNs

Bill Cole <> Thu, 02 July 2009 17:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E5C8428C1DE for <>; Thu, 2 Jul 2009 10:37:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.69
X-Spam-Status: No, score=-2.69 tagged_above=-999 required=5 tests=[AWL=-0.091, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id kbeZR6kbKshq for <>; Thu, 2 Jul 2009 10:37:14 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 95E8928C0D8 for <>; Thu, 2 Jul 2009 10:37:14 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTP id 8A3118E3D23 for <>; Thu, 2 Jul 2009 13:37:17 -0400 (EDT)
Message-ID: <>
Date: Thu, 02 Jul 2009 13:37:16 -0400
From: Bill Cole <>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20090408 Eudora/3.0b2
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <>
References: <> <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] VPNs
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Anti-Spam Research Group - IRTF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 02 Jul 2009 17:37:15 -0000

Alessandro Vesely wrote, On 6/30/09 4:41 AM:
> Thanks for confirming that. My feeling is that we are overloading IP
> numbers with an accountability functionality that doesn't belong there.

There's a strong reason for this: the immediate client IP is the one fact 
about *every* MX-driven attempt at message transport that the receiving MTA 
can know with very high certainty, even when the message is originated by 
someone who intentionally and maliciously tries to hide his identity.

Whether accountability *should* be tied to that one knowable fact is a 
philosophical question. As a practical matter, there has proven to be little 
choice. For some years early in the growth of spam, filtering techniques 
were applied and over time largely discarded or relegated to scoring systems 
which assumed that spammers would not falsify other elements of mail and its 
transport that should lead back to the ultimate originator or to someone who 
can identify and police the originator. Having run out of headers and 
transport features to check, we've developed new things like SPF and DKIM 
that are  harder to spoof but suffer from inadequate adoption to really fix 
a large part of the problem, much as the previous transport and content 
encryption and signing mechanisms have.