Re: Is spam really a problem?
From sunder@brainlink.com Wed Feb 18 15:58:46 1998
Anonymous wrote:
I see discussion of spam here and everywhere on the net. But who finds it a *real* problem, and why?
Why are you asking the cypherpunks list?
There are nice technical solutions to this. If sendmail didn't transport things unauthenticated it could be done, but at a cost in CPU cycles on mail servers:
Have every sendmail server use a PK scheme to talk to every other server and authenticate the connection. Have every sendmail server accept mail only from those whose key is verified.
Nonsense. We (NANA) already know where spam comes from, and when we complain about it, they are terminated. # Date: Tue, 10 Feb PST 16:13:26 -0800 # Message-Id: <199802110013.QAA23854@blaze.corp.netcom.com> # Subject: Re: Commercial spam complaint # From: abuse@netcom.com (NETCOM Policy Management) # # Thank you for your report. This user's account has been terminated for # violations of NETCOM's Acceptable Use Guidelines. PK authentication would change nothing. Show a single spam with a forged IP address. PK authentication would only lead us down the road of everyone being tattooed with barcodes of our own making - and incredibly dumb idea. ---guy It would be like requiring a smart card for Internet access.
Information Security wrote:
From sunder@brainlink.com Wed Feb 18 15:58:46 1998
Anonymous wrote:
I see discussion of spam here and everywhere on the net. But who finds it a *real* problem, and why?
Why are you asking the cypherpunks list?
I didn't. Anonymous did.
There are nice technical solutions to this. If sendmail didn't transport things unauthenticated it could be done, but at a cost in CPU cycles on mail servers:
Have every sendmail server use a PK scheme to talk to every other server and authenticate the connection. Have every sendmail server accept mail only from those whose key is verified.
Nonsense.
We (NANA) already know where spam comes from, and when we complain about it, they are terminated.
Until someone else gets a throw away $10 account and uses it to spam, right? By the time you track'em down, they already gave up that account. All ISP's do is to delete the spamming account, which the spammer doesn't care about anyway. So you achive nothing. Further one can generate fake headers and you would not know exactly where it comes from, though you could have some idea since it would be one of many sites it was relayed from. One could send messages from an ISP that doesn't mind spammers who won't help you track down the bitch that just slimed your machine, etc.
PK authentication would change nothing.
Show a single spam with a forged IP address.
IP addresses won't be forged, but one could send a mail with extra Recieved-By: headers, etc.
PK authentication would only lead us down the road of everyone being tattooed with barcodes of our own making - and incredibly dumb idea.
It would be like requiring a smart card for Internet access.
Bullshit. PK auth with a central repository would be Big Brotherish. Having each user gen their own PK pair is what I suggested. That would allow anon users to have persistant (or even throw away) identities, but prevent Joe Spambitch from telnetting to port 25 and spamming that way. Even if Joe Spambitch does gen PK pairs and uses them, he can't gen a pair for every message he sends, the recipient servers won't recognize his PK pair and might have been instructed to block messages from bad (and possibly unknown PK's), or at least refuse to relay messages from unknown PK's. Relaying is a big problem. -- =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian |Prying open my 3rd eye. So good to see |./|\. ..\|/..|sunder@sundernet.com|you once again. I thought you were |/\|/\ <--*-->| ------------------ |hiding, and you thought that I had run |\/|\/ ../|\..| "A toast to Odin, |away chasing the tail of dogma. I opened|.\|/. .+.v.+.|God of screwdrivers"|my eye and there we were.... |..... ======================= http://www.sundernet.com ==========================
participants (2)
-
Information Security -
sunder