Re: [Shutup] [ietf-smtp] Proposed Charter for something

Martijn Grooten <martijn@lapsedordinary.net> Thu, 10 December 2015 17:11 UTC

Return-Path: <martijn@lapsedordinary.net>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDF911A8A05; Thu, 10 Dec 2015 09:11:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.621
X-Spam-Level: *
X-Spam-Status: No, score=1.621 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_NET=0.611, HOST_MISMATCH_COM=0.311, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I49eZkZe6YeC; Thu, 10 Dec 2015 09:11:23 -0800 (PST)
Received: from mail.lapsedordinary.net (thinksmall.vps.bitfolk.com [85.119.83.85]) by ietfa.amsl.com (Postfix) with ESMTP id 8C1E81A89F5; Thu, 10 Dec 2015 09:11:23 -0800 (PST)
Received: by mail.lapsedordinary.net (Postfix, from userid 1000) id 7AEF2343FE; Thu, 10 Dec 2015 17:11:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lapsedordinary.net; s=mail; t=1449767482; bh=a8kTS4t/aY9uBM4uxrLq7Kc+52ku5UI2bdc6vtsxN1Y=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:In-Reply-To; b=s55KXt/FNHTniMrh2pJb/qMUSRIoqmNWskd0gDg6RvNZK6j6/oEwY3BKE1FYTg5Z0 r+aN5blCh00FFsknr1Do7KuFxBCk9kYcffiD6E5nIB3NjFFf251wUN3UniXvjwsRii D7TXEw0yA8Zu0TEmxQIcYxKsYWMQq+wsCcb8Lg1o=
Date: Thu, 10 Dec 2015 17:11:22 +0000
From: Martijn Grooten <martijn@lapsedordinary.net>
To: ietf-smtp@ietf.org
Message-ID: <20151210171122.GB27258@lapsedordinary.net>
References: <20151208204227.62714.qmail@ary.lan> <56689A81.7030401@dcrocker.net> <a6568f3a-a788-4006-bca2-94dc26c2be32@gulbrandsen.priv.no> <20151210144814.GA16386@lapsedordinary.net> <55103b70-ca39-4694-92dc-07a17344d485@gulbrandsen.priv.no> <5669A568.6000907@mustelids.ca>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="uZ3hkaAS1mZxFaxD"
Content-Disposition: inline
In-Reply-To: <5669A568.6000907@mustelids.ca>
User-Agent: Mutt/1.5.20 (2009-06-14)
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/bfbKTnz5nSt1OXrHmynXLXaWPvg>
Cc: shutup@ietf.org
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for something
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Dec 2015 17:11:25 -0000

On Thu, Dec 10, 2015 at 11:16:40AM -0500, Chris Lewis wrote:
> There really are no technical differences whatsoever between a
> blackhat and a whitehat trying to protect their identity. The ONLY
> saving grace is that (in the spam space) the blackhat is forced to
> resort to methods that scale high enough for an adequate ROI, while
> the whitehat usually doesn't care that much.

Most spam filtering - again used in the broad sense - only cares about
the identity of the sending organisation (ISP, company, etc.). And
sometimes not even that. If an email body matches some (fuzzy)
signature, it gets blocked, often regardless of who sent it from where.

It's only when said organisation doesn't do a good enough job of
checking the identity (or the hat colour) of the sender, that being able
to find the actual sender matters to everyone else.

> Tor, for example, being a case in point.  Tor would be ideal for
> spam. And it was for a bit.  Slow, but worked.  I don't know whether
> the fact that the tor network became so slow as to be unuseable, or
> that the screams from the "spammed" turned the day, but so few tor
> exit nodes support outbound port 25 nowadays that it isn't a big
> problem.

If they hadn't all blocked that port (it's the default, I believe) then
every DNSBL would add the exit nodes; Tor, by design, doesn't hide the
nodes' IP addresses and it's easy to check if a certain IP address is
or was a Tor exit node at a given time.

Tor in an email context should be used to connect to an ISP's or
corporate mail server. It's up to them to decide whether they have
enough reason to believe youare a whitehat. Many believe they are able
to do so, though they often require a one-time phone verification.

If being able to hide (the geolocation of) your submission IP address is
of vital importance, then this is the way to use email. For most people,
this isn't necessary, but it is my belief that at the very least we
should help organisations that wish to protect personal data for all of
its users to do so in a way that doesn't seriously harm the existing
email infrastructure.

Martijn.