nanog mailing list archives
Re: SMTP authentication for broadband providers
From: Mark Foster <mark () foster cc>
Date: Fri, 13 Feb 2004 07:23:20 -0800
On Fri, Feb 13, 2004 at 11:05:16AM +0000, Michael.Dillon () radianz com wrote:
To attack spam, we need to attack it at its core, not at some secondaryortertiary side-effect, with a mechanism that also hurt legitimate users.We, as network operators don't need to attack spam. We need to ignore spam itself and get to work securing the network that enables spammers to do their dirty work.
Much talk about using SMTP AUTH, but nothing about using STARTTLS? Alone, SMTP AUTH is somewhat better, but requires that the passwords be stored plain-text on the server (CRAM-MD5 or DIGEST-MD5), or that the password traverse the wire in plain-text (PLAIN or LOGIN). So by requiring STARTTLS for SMTP AUTH the transmission can be encrypted and the passwords on the server encrypted as well. Furthermore, if mail server admins step up and enable STARTTLS on their systems it opens up the possibilities of using certificate verification and PKI. -- Some days it's just not worth chewing through the restraints... Mark Foster <mark () foster cc> http://mark.foster.cc/
Attachment:
_bin
Description:
Current thread:
- Re: Open, anonymous services and dealing with abuse, (continued)
- Re: Open, anonymous services and dealing with abuse Daniel Reed (Feb 17)
- Re: Open, anonymous services and dealing with abuse Mark Turpin (Feb 17)
- RE: Open, anonymous services and dealing with abuse Roy (Feb 17)
- RE: Open, anonymous services and dealing with abuse Nicole (Feb 17)
- RE: Open, anonymous services and dealing with abuse Roy (Feb 17)
- Re: Open, anonymous services and dealing with abuse matt (Feb 17)
- Re: Open, anonymous services and dealing with abuse william(at)elan.net (Feb 17)
- Re: Open, anonymous services and dealing with abuse John Palmer (Feb 17)
- Re: Open, anonymous services and dealing with abuse JC Dill (Feb 17)
- Re: SMTP authentication for broadband providers Alex Bligh (Feb 13)