Re: [Asrg] seeking comments on new RMX article

Vernon Schryver <vjs@calcite.rhyolite.com> Mon, 05 May 2003 17:32 UTC

From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200305051719.h45HJbKT025091@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: Re: [Asrg] seeking comments on new RMX article
References: <E19CidB-0006dy-00@mail.nitros9.org>
Date: Mon, 05 May 2003 11:19:37 -0600

> From: "Alan DeKok" <aland@freeradius.org>

> > How does traceability and accountability reduce spam?  If you believe
> > the DNS blacklist enthusiasts, most spam is already sufficiently
> > traceable to be blocked.
>
>   My experience has been different, as have others.

I chose my words carefully.  I don't use any DNS blacklists.

>   Additional traceability means that it's more difficult for spammers
> to send anonymously.  Once they're out in the open as spammers, then
> blacklists become more useful.

Please justify both the premise and conclusion in that paragraph.
Please give an example of a spammer that would be more easily blacklisted
if it were more out in the open in some sense related to RMX.
Please give an example of a major spammer that is not already out in the
open.  Are you familiar with http://www.spamhaus.org/rokso/ ?


>   Note that blacklists only work against openly declared long-term
> spammers.  "Stealth" spammers who use throw-away accounts, "hacked"
> machines, etc. can easily circumvent any blacklist, unless the
> blacklist reporting & distribution are both instantaneous.

Yes, but that's got nothing to do with getting spammers into the open
and nothing to do with RMX or other mail virtue certificates until
the mail from at least 80% of the Internet or 400,000,000 people uses
them.  How long do you think it might be until RMX or any technical
anti-spam system could reach 80% use?

>   My experience with blacklists was that only about 10% of originating
> IP's were on any blacklist, which made such lists useless to me.

Other people report substantially higher rates with DNS blacklists.

Again, I don't use any DNS blacklists.  However, my private blacklists
are better than 99% effective against my spam load with a much less than
1% false positive rate.  Note that the DCC is not what I consider a
blacklist.


> ...
> > However, unless you are a spammer fighter interested in attacking
> > spammers, you don't care who or where the spammers are if you can
> > simply arrange to not receive their junk.
>
>   I agree.  But I don't think such arrangements are trivial, or easily
> made.
>
>   Making more people accountable for their behaviour is just one more
> tool in the fight against spam.  I've never claimed that any tool is
> perfect, or that it will do everything. 

RMX records do nothing I can see to make people accountable for
their behaviour ever, and certainly not until the mail of 100's of
millions of people uses them.

>                                          In contrast, many people
> violently oppose any system which *isn't* perfect, which makes me
> wonder what the heck their agenda is.

What is your agenda for flogging something that cannot have any effect
for decades?  Or are you claiming RMX records might be used on more
than 80% of mail within 10 years?   If so, please justify that claim.


> ...
>   Which misses entirely what I said.  A mobile user SHOULD use
> SMTP-AUTH, STARTTLS, pop-before-SMTP, or other systems to
> authenticate & secure his connection to his home domain.  So it's his
> home domain which has done the hard work of verifying a previously
> unknown, anonymous, roaming user.  Now that that's done, the
> well-known, public, open MTA for the home domain can relay the message
> to other well-known, public, open MTA's.
>
>   The people going on about roaming users requiring naked SMTP to the
> recipient domain haven't made it clear why it's the *recipient's* job
> to authenticate them.  Isn't it easier for the home MTA to do
> SMTP-AUTH, STARTTLS, etc., than it is for the recipient MTA to run the
> message through crappy content filters?
>
>   The MTA for the home domain has information which the recipient MTA
> doesn't have, and may never have.  That information can be used to
> reduce the work done by the recipient, to separate spam from
> non-spam.  So the work of spam filtering is spread more evenly across
> the network, and significantly less work is done, as a whole.  I fail
> to see why there's any opposition to that goal.

What does any of that have to do with stopping spam?  What does knowing
that one of UUNet's resellers has validated a mail sender as
wpamae1954nx@domain.com tell you?  

Do you check the whois records for the domains advertised in spam?
What do you learn from records like 
http://opensrs.org/cgi-bin/whois.cgi?action=lookup&domain=gamingclub.com
What would RMX tell you that whois records and IP addresses don't?

By the way, that whois record told me to blacklist that domain.


Vernon Schryver    vjs@rhyolite.com