IETF Logo Mail Archive

Re: PS -- Re: Restricting the list

Dave Crocker <dcrocker@brandenburg.com> Thu, 08 February 1996 16:49 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa16664; 8 Feb 96 11:49 EST
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa16660; 8 Feb 96 11:49 EST
Received: from list.cren.net by CNRI.Reston.VA.US id aa08668; 8 Feb 96 11:48 EST
Received: from localhost (localhost [127.0.0.1]) by list.cren.net (8.6.12/8.6.12) with SMTP id LAA14947; Thu, 8 Feb 1996 11:48:00 -0500
Received: from ng.netgate.net (root@ng.netgate.net [204.145.147.10]) by list.cren.net (8.6.12/8.6.12) with ESMTP id LAA14915; Thu, 8 Feb 1996 11:47:28 -0500
Received: from [205.214.160.41] (d38.netgate.net [205.214.160.72]) by ng.netgate.net (8.6.12/8.6.9) with ESMTP id IAA14070; Thu, 8 Feb 1996 08:53:40 -0800
Message-Id: <v03004b00ad3fd6a88d02@[205.214.160.41]>
Date: Thu, 8 Feb 1996 08:46:20 -0800
X-Orig-Sender: owner-ietf-smtp@list.cren.net
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Dave Crocker <dcrocker@brandenburg.com>
To: Ned Freed <NED@innosoft.com>
Cc: ietf-smtp@list.cren.net, ietf-822@list.cren.net
Subject: Re: PS -- Re: Restricting the list
In-Reply-To: <01I0XKYNCNLW9N3WDF@INNOSOFT.COM>
References: "Your message dated Wed, 07 Feb 1996 07:40:22 -0800"
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Sender: dcrocker@ng.netgate.net
X-Listprocessor-Version: 8.0(beta) -- ListProcessor by CREN

At 12:33 PM 2/7/96, Ned Freed wrote:
>> 1.  To subscribe to a list, the user sends a request.  The list server
>> sends back a verification request.  The subscriber returns a confirmation.
...
>Simply put, the problem is that list subscribers hate it and therefore most
>list managers cannot reasonably use it. As such, it's a nonstarter more often

	I've had a number of list servers impose this on me, including a
'renewal' notice sent periodically and requiring that I respond to stay on
the list.  These require nothing more than hitting the Reply command since
they information tag is in the subject line.  I'm generally pretty
sensistive to hassles generated by computers and found my own reaction not
all that negative.

	In any event, we have an emerging, large-scale problem.  We need to
find some workable solutions.  This will require adjustments for us all.
Adjustments doesn't mean massive changes to a draconian set of mechanisms,
but it does mean that the old world we've lived in is changing.

	That does not, of course, mean the this specific mechanism is
essential, but I do believe it improves the integrity of the data base
rather substantially.  The side effect, then, is to reduce bounces.

>> 2.  Those who are registered can send messages freely.  Those who are not
>> have their messages channeled to the list moderate who decides whether to
>> forward the message or not.  One could elaborate this, further, by having
>> non-registered email ALSO get a verification request from the server before
>> sending it on to the moderator.  This would filter deprivation of service
...
>The sender verification step suffers from the problems #1 has only more so --
>people posting to lists *really* hate it and simply won't post if it is used.
>(I personally can tolerate #1 but won't accept this variant of it.) As for

	Let me get this straight.  A mechanism which detects and
unregistered, first time poster and sends a verification note which
requires nothing more than your hitting Reply is too much overhead?

	For large, open lists this seems to me a reasonable compromise.
No, I'm not in love with it, but the incremental effort strikes me as
pretty reasonable.  I guess we differ on our assessment.

>having a moderator review messages received from people not subscribed to the
>list, this depends on having a moderator willing to perform the task. Such
>moderator resources are in scarce supply. Also keep in mind that the burden
>placed on the moderator is FAR greater than anticipated, as postings from

	Yup.  This is definitely an issue.  That's why I would assume that
a list of verified, unregistered posters would be maintained.  It should
reduce the steady-state overhead considerably.  (No, not to zero.)

>Finally, please note that the attack I previously described blows past all
>this
>with ease, since it builds a list of addresses that are known to be subscribed
>to the list in an automated way. I dealt with a use of this attack this
>morning
>-- it is the first case I have seen. This will never be as common as more
>simpleminded techniques, but it will not remain unknown for much longer.

	Here's where I need to eat a bowl of crow.  I entirely missed the
fact that legitimate addresses were being spoofed.  And yes, none of the
above prevents such an attack.

	The only thing I can think of is some sort of path validation by
scrutinzing Received headers and offhand I haven't a clue what the
algorithm needs to look like, if it is to be robust in the face of
alternate routing for legitimate mail.

	Gad but this would all be so much simpler if we had reasonable
authentication deployed.

d/

--------------------
Dave Crocker                                                +1 408 246 8253
Brandenburg Consulting                                 fax: +1 408 249 6205
675 Spruce Dr.                                     dcrocker@brandenburg.com
Sunnyvale CA 94086 USA                           http://www.brandenburg.com

Internet Mail Consortium                   http://www.imc.org, info@imc.org

v2.8.7 | Report a Bug | By Email