Re: [dispatch] FYI draft-levine-mailbomb-header-00

Brandon Long <blong@google.com> Tue, 20 June 2017 07:00 UTC

From: Brandon Long <blong@google.com>
Date: Tue, 20 Jun 2017 00:00:05 -0700
Message-ID: <CABa8R6uqcjVJhktOfnLYs5RTUkKJO+FFS+4gvTat_Hj2KLxdLw@mail.gmail.com>
To: John Levine <johnl@taugh.com>
Cc: Dispatch WG <dispatch@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>

So, we think these form providers are more likely to do this than actually
protect their forms from abuse by bots?

This seems like putting the onus on receivers to work around the junk
they're putting out.

I'd be tempted to put on a BOFH hat and use a couple mailbombs to create a
blacklist and never accept mail from them again.  Hmm, maybe I could pay
one of these mailbomb services to mailbomb a couple honeypots.

Though, if they include this header, it's also easy to drop them all, I
guess.

Perhaps a bit hyperbolic, ok.

Brandon


On Jun 19, 2017 3:12 PM, "John R Levine" <johnl@taugh.com> wrote:

On Mon, 19 Jun 2017, Stephen Farrell wrote:

>> to a form submission:
>>
>>  Form-Sub: v=1; ip4=198.51.x.x
>>
>
> Why not some hashed form of the address?
>

As Richard Clayton pointed out, it is trivial to reverse unsalted IPv4
hashes with rainbow tables (and not all that hard to do salted hashes), and
you can't use hashes with different salts to see if it's the same guilty
party.  I added a sentence about that to -01.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
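
The point about hashed addresses in the quoted reply, as an added example that is not part of the thread or of the draft: because the IPv4 space is small, a hashed address is recovered by enumerating candidates, a salt that is known to the reader only adds a per-salt pass, and two different salts make the same address uncorrelatable. The SHA-256 construction, the salt values, the assumption that the salt is visible alongside the hash, and the TEST-NET-2 sample address are all constructed for illustration.

```python
import hashlib
import ipaddress


def ip_digest(ip: str, salt: bytes = b"") -> str:
    """SHA-256 over salt || dotted-quad address (assumed scheme, not from the draft)."""
    return hashlib.sha256(salt + ip.encode("ascii")).hexdigest()


def recover_ip(digest: str, network: str, salt: bytes = b""):
    """Enumerate every address in `network`; return the one whose digest matches."""
    for addr in ipaddress.ip_network(network):
        if ip_digest(str(addr), salt) == digest:
            return str(addr)
    return None


# Constructed sample: a submitter address in the TEST-NET-2 documentation range.
SUBMITTER = "198.51.100.77"
# Searched block kept small so the example runs instantly; the whole IPv4
# space is only 2**32 candidates, which is why hashing does not hide it.
SEARCH_SPACE = "198.51.100.0/24"


def demo() -> dict:
    unsalted = ip_digest(SUBMITTER)
    # Two hypothetical form providers hashing the same address, each with its
    # own salt (assumed to be visible to whoever reads the header).
    salt_a, salt_b = b"provider-a", b"provider-b"
    salted_a = ip_digest(SUBMITTER, salt_a)
    salted_b = ip_digest(SUBMITTER, salt_b)
    return {
        # Unsalted: plain enumeration (or a precomputed table) gives the address back.
        "unsalted_recovered": recover_ip(unsalted, SEARCH_SPACE),
        # Salted with a known salt: same enumeration, repeated per salt.
        "salted_recovered": recover_ip(salted_a, SEARCH_SPACE, salt_a),
        # Different salts: the two digests of one address no longer match,
        # so a receiver cannot tell it is the same submitter.
        "correlatable": salted_a == salted_b,
    }


if __name__ == "__main__":
    print(demo())
```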

