Earthlink to Test Caller ID for E-Mail
The "whitelist for my friends" part of "a whitelist for my friends, all others pay cash" seems to be underway...

If we really do get cryptographic signatures on email in a way that works, expect 80% of all spam to be blown away as a matter of course.

Cheers,
RAH
-------

<http://www.pcworld.com/resource/printable/article/0,aid,115094,00.asp>

PCWorld.com

Earthlink to Test Caller ID for E-Mail

New systems could fight spam and Internet scams, company says.

Paul Roberts, IDG News Service
Friday, March 05, 2004

ISP Earthlink will soon begin testing new e-mail security technology, including Microsoft's recently released Caller ID technology, a company executive says.

Earthlink will be experimenting "very soon," with "sender authentication" technology including Caller ID and a similar plan called Sender Policy Framework (SPF). The Atlanta-based ISP will be evaluating other e-mail security proposals as well, but is not backing any specific technology, says Robert Sanders, chief architect at Earthlink.

Plans to secure e-mail by verifying the source of e-mail messages have garnered much attention in recent months, as the volume of spam has swelled and the number of Internet scams has increased.

Spammers and Internet-based criminals often fake, or "spoof," the origin of e-mail messages to trick recipients into opening them and trusting their content. Sender authentication technologies attempt to stop spoofing by matching the source of e-mail messages with a specific user or an approved e-mail server for the Internet domain that the message purports to come from.

Different Strategies

So far, Earthlink has stayed out of the sender authentication fray while Web-based e-mail services, including Yahoo and Hotmail, and major ISP America Online, have all backed slightly different sender authentication proposals.

Yahoo is promoting an internally developed technology called DomainKeys, that uses public key cryptography to "sign" e-mail messages.

AOL said in January that it is testing SPF for outgoing mail, publishing the IP (Internet protocol) addresses of its e-mail servers in an SPF record in the DNS (Domain Name System).

Finally, Microsoft-owned Hotmail is publishing the addresses of its e-mail servers using that company's recently announced Caller ID standard.

Earthlink believes that sender authentication is necessary, and is prepared to support multiple sender authentication standards if necessary. However, the company hopes that one clear winner emerges from the field of competing proposals, Sanders says.

"I don't think it's unlikely that we'll see two or three coexisting proposals go into production. We had hopes that they would be able to merge, but I think at this point each standard adds a different function, and we're unlikely to see a merger," he says.

Coming Soon?

For now, Caller ID and SPF will probably make it into production first, because neither require companies to deploy new software to participate in the sender authentication system, he says.

Earthlink is also interested in proposals like Yahoo's DomainKeys, which allows e-mail authors to cryptographically sign messages, enabling recipients to verify both the content of a message and its author. However, DomainKeys is more complicated to deploy than either Caller ID or SPF and requires software changes that will slow implementation, he says.

Earthlink is not backing any proposal but is interested in looking at the results of its trial deployments, and those of other organizations.

"We have to get real world data from people who have deployed SPF or Caller ID," he says.

The company is also a member of the Anti-Spam Technical Alliance, an industry group that includes Microsoft, AOL, Yahoo, Comcast, and British Telecommunications, and continues to participate in meetings and initiatives through that organization, he says.

Microsoft's backing of Caller ID and its plans to use that technology for Hotmail tips the scales in favor of that technology, he says.

"One factor that determines what you, as an e-mail sender, deploy is the important question of 'Who am I sending mail to?' What the larger [e-mail] receivers deploy is what you're going to support," he says.

--
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
"R. A. Hettinga" <rah@shipwright.com> writes:
> If we really do get cryptographic signatures on email in a way that works, expect 80% of all spam to be blown away as a matter of course.

I think you mean:

  If we really do get cryptographic signatures on email in a way that works, expect 80% of all spam to contain legit signatures from hacked PCs.

This is just another variation of the "To secure the Internet, build a big wall around it and only let the good guys in" idea.

Peter.

On Sat, Mar 06, 2004 at 08:24:09PM +1300, Peter Gutmann wrote:

> "R. A. Hettinga" <rah@shipwright.com> writes:
>
> > If we really do get cryptographic signatures on email in a way that works, expect 80% of all spam to be blown away as a matter of course.
>
> I think you mean:
>
>   If we really do get cryptographic signatures on email in a way that works, expect 80% of all spam to contain legit signatures from hacked PCs.

"A way that works" would involve passphrase-locked keyrings, and forgetful MUAs (this mutt only caches the passphrase for a preset time).

Filtering for signed/vs. unsigned mail doesn't make sense, authenticating and whitelisting known senders by digital signature makes very good sense.

Of course, this doesn't help with people you don't yet know. Would work well with prioritizing mail if taken together with other modes of filtering, though.

> This is just another variation of the "To secure the Internet, build a big wall around it and only let the good guys in" idea.

--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

Eugen Leitl <eugen@leitl.org> writes:

> "A way that works" would involve passphrase-locked keyrings, and forgetful MUAs (this mutt only caches the passphrase for a preset time).

"A way that works *in theory* would involve ...". The chances of any vendor of mass-market software shipping an MUA where the user has to enter a password just to send mail are approximately... zero.

> Filtering for signed/vs. unsigned mail doesn't make sense, authenticating and whitelisting known senders by digital signature makes very good sense.

In that case you can just filter by sender IP address or something (anything) that's simpler than requiring a PKI. Again though, that's just another variant of the "Build a big wall" dream. In order to have perimeter security you first need a perimeter. If the spammer you're trying to defend against is your own mother (because she clicked on an attachment you sent her, it says so in the From: address, that's actually a spam-bot), you don't have a perimeter. All you have is a big pile of Manchurian candidates waiting to bite you.

Peter.

On Sun, Mar 07, 2004 at 01:26:47AM +1300, Peter Gutmann wrote:

> Eugen Leitl <eugen@leitl.org> writes:
>
> > "A way that works" would involve passphrase-locked keyrings, and forgetful MUAs (this mutt only caches the passphrase for a preset time).
>
> "A way that works *in theory* would involve ...".

No, that was a definition. I made no statement about how users take to passphrases, and vendors implementing this unwelcome feature. Works well for me, though.

> The chances of any vendor of mass-market software shipping an MUA where the user has to enter a password just to send mail are approximately... zero.

I agree. It doesn't mean signing (whether in MUA or MTA level) is useless. Only a tiny fraction of all systems is compromised, and if those systems use signed mail blocking them is actually easier (generating new keys on an 0wn3d machine introduces extra degrees of complication, and limits the rate of mail sent).

If this is adopted on a large scale, nonsigned mail would automatically increase the spam scoring function, further speeding adoption.

> > Filtering for signed/vs. unsigned mail doesn't make sense, authenticating and whitelisting known senders by digital signature makes very good sense.
>
> In that case you can just filter by sender IP address or something (anything) that's simpler than requiring a PKI.

Parsing headers is problematic, and signatures work at user, not at IP level (there are public mail services which serve millions of users with just a few IPs). You can as well sign at MTA level, if users are authenticated, and each of them has a signature.

> Again though, that's just another variant of the "Build a big wall" dream. In order to have perimeter security you first need a perimeter. If the spammer you're trying to defend against is your own mother (because she clicked on an attachment you sent her, it says so in the From: address, that's actually a spam-bot), you don't have a perimeter.

Every exploitable system will be exploited, if a sufficient incentive is present. You can't get around the fact that we need to modify the infrastructure. Specifically for spam, facultative strong authentication is a part of a solution (there is no single solution, because it's a complex, adaptive problem).

> All you have is a big pile of Manchurian candidates waiting to bite you.

When I get virus mail from someone who has my email in my address book, it would be nice if that mail was signed, so I could contact her, and tell her she has a problem.

Facultative strong authentication doesn't nuke anonymity. It does shift it into darker, seedier corners of communication, though. Which is only natural: trolls thrive on anonymity, giving it a bad rap. Which is why we need a nym supporting infrastructure.

--
Eugen* Leitl

At 2:21 PM +0100 3/6/04, Eugen Leitl wrote:

> Facultative strong authentication doesn't nuke anonymity.

Perfect pseudonymity is functional anonymity, in my book...

Cheers,
RAH

On Sat, 2004-03-06 at 10:32, R. A. Hettinga wrote:

> At 2:21 PM +0100 3/6/04, Eugen Leitl wrote:
>
> > Facultative strong authentication doesn't nuke anonymity.
>
> Perfect pseudonymity is functional anonymity, in my book...

No, pseudonymity lets others identify messages on, say c-punks, as coming from a particular sender. Reputation can work here, even with no meat-space identity attached. Anonymity means reputation can't work, so each message has to be taken on its own, with no history to give clues as to bias or reliability. I certainly wouldn't want to have to wade through all the traffic, wondering which from Eugen and which from the Australian-shithead-who-shall-not-be-named. Yah, it's easy enough to tell once you've read the message, but I'd rather filter it out on the "From:" level.

I realize that your, RAH's, "book" mostly deals with financial transactions. In the very narrow domain of transactions which don't require any trust, anonymity should be as useful as pseudonymity. In the more general case, I'd think true anonymity would be a handicap. eg, I'm certainly not going to send my hard-earned e-money to the account of some untraceable joker in exchange for his promise to deliver me a week's worth of groceries.

Peter Gutmann wrote:

> Eugen Leitl <eugen@leitl.org> writes:
>
> > "A way that works" would involve passphrase-locked keyrings, and forgetful MUAs (this mutt only caches the passphrase for a preset time).
>
> "A way that works *in theory* would involve ...". The chances of any vendor of mass-market software shipping an MUA where the user has to enter a password just to send mail are approximately... zero.

And it doesn't even work in theory - once your PC is hacked, the passphrase would be known the first time you used it.

Cheers,
Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

On Mon, Mar 08, 2004 at 09:19:23AM +0000, Ben Laurie wrote:

> And it doesn't even work in theory - once your PC is hacked, the passphrase would be known the first time you used it.

True, but in the current threat model passphrase snarfing is yet negligible (keyloggers look for credit card info, etc.). Also, the fraction of 0wn3d to pristine machines is low, and likely to become lower in future. So the egress points of spam remain few, and if they come with signatures, so much better for us. If they don't come with signatures, or use variable signatures (if you disregard entropy pool issues, how many signatures/min can you churn out on a desktop PC?), ditto (if you compute spam score by signed, and know signed vs unsigned).

*BSD and Linux penetration rate (desktop, not server) is low, Redmondware is about to become similarly hardened at the network layer. Things are still a bit dismal at the userland executable level, but security has become a selling argument. So, sooner or later, they will have to start selling something palpably more secure, instead of just waffling about it.

The passphrase locking idear won't fly, but a biometrics-lockable wallet could. Isn't part of Pd envelope goal establishing a tamper-proof compartment? We know Pd is evil, but once hardware support is everywhere, one can as well use it for something positive, for a change.

--
Eugen* Leitl

At 1:14 PM +0100 3/6/04, Eugen Leitl wrote:

> Filtering for signed/vs. unsigned mail doesn't make sense, authenticating and whitelisting known senders by digital signature makes very good sense.

Right. A whitelist for my friends.

> Of course, this doesn't help with people you don't yet know.

All others pay cash.

Cheers,
RAH

participants (5)
- Ben Laurie
- Eugen Leitl
- pgut001@cs.auckland.ac.nz
- R. A. Hettinga
- Steve Furlong