nanog mailing list archives
Re: Time to check the rate limits on your mail servers
From: Douglas Otis <dotis () mail-abuse org>
Date: Sat, 05 Feb 2005 12:27:12 -0800
On Sat, 2005-02-05 at 19:18 +0000, Jørgen Hovland wrote:
----- Original Message -----
From: "Edward B. Dreger" <eddy+public+spam () noc everquick net>

TV> From: Todd Vierling

TV> The only way to be sure is via cryptographic signature. Barring
TV> that level

False. You imply that a crypto signature is a perfect guarantee, and that nothing else can provide equal assurance.

To prevent spyware using your signature you can for example use some sort of local signature engine and a fingerprint reader. It isn't possible to steal the private key because only the engine can decode it. Emails can only be signed with that signature by the engine, and the engine needs your fingerprint first. But who really wants to stick your thumb in the reader for every email you send?

If each provider signed their messages AND included account identifiers (as used by their access servers), then the providers themselves or some third-party would have little trouble blackhole listing problematic systems. There would be NO danger that something in the customer's system could be stolen.

A blackhole A record of 127.0.0.1 by the provider at the following:

  <internal-identifier>._rl.<domain>.<tld>

Or if by a third-party, it could be

  <internal-identifier>._rl.<domain>.<tld>.<third-party>.<tld>

This mechanism would also prevent a replay attack on signatures as well as allow extraction of these problem accounts caused by compromised systems. These people would quickly learn they have a problem, if they use the mail services of the provider. If they do not, they should be blocked by the provider outright.

To prevent bounce traffic unilaterally, BATV would be a better solution. SPF et al. does not allow safe reputation assertions. A reputation assertion is the ONLY way this type of abuse can be prevented. Binding MAILFROM or the FROM with some IP address will not stop spam. Within two minutes, spammers will have adapted, and yet a tremendous expense and disruption will have taken place for little benefit.

-Doug
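The lookup described in the message above, sketched as an added example that is not part of the original post or any code by its author. The function names, the account identifiers, the `example.net` / `example.org` zones and the label-validation rule are assumptions, and the caller is assumed to have already verified the provider's signature covering the account identifier.

```python
import re
import socket

LISTED = "127.0.0.1"  # A-record value the message gives for a listed account
# Assumption: the identifier must be exactly one LDH DNS label, so an untrusted
# value cannot add dots and steer the query into a different zone.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def rl_query_name(account_id, signing_domain, third_party=None):
    """Build <internal-identifier>._rl.<domain>.<tld>[.<third-party>.<tld>]."""
    ident = account_id.strip().lower()
    if not _LABEL.fullmatch(ident):
        raise ValueError("account identifier is not a single DNS label")
    parts = [ident, "_rl", signing_domain.strip(".").lower()]
    if third_party:
        parts.append(third_party.strip(".").lower())
    name = ".".join(parts)
    if len(name) > 253:
        raise ValueError("query name exceeds the DNS length limit")
    return name

def system_resolver(name):
    """Return the A records for name, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # gaierror/herror: no such name means "not listed"
        return []

def is_blackholed(account_id, signing_domain, third_party=None,
                  resolve=system_resolver):
    """True when the provider (or third party) lists this account."""
    name = rl_query_name(account_id, signing_domain, third_party)
    return LISTED in resolve(name)

# Constructed zone data so the example runs offline.
CONSTRUCTED_ZONE = {
    "acct-7f3a._rl.example.net": ["127.0.0.1"],
    "acct-7f3a._rl.example.net.example.org": ["127.0.0.1"],
}

def constructed_resolver(name):
    return CONSTRUCTED_ZONE.get(name, [])

if __name__ == "__main__":
    for acct in ("acct-7f3a", "acct-0001"):
        listed = is_blackholed(acct, "example.net", resolve=constructed_resolver)
        print(acct, "listed" if listed else "not listed")
```

Because the listing is keyed on the account identifier rather than on an IP address, a copy of a validly signed message replayed from another host still resolves to the same listed name.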