Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups)

["G. D. Fuego" <gdfuego () gmail com>]

On Oct 17, 2009, at 9:31 AM, "Larry Seltzer" <larry () larryseltzer com>  
wrote:

> > > With a fully authenticated protocol we could limit the valid source
> > > addresses of the spam to the one associated with the compromised  
> > > user.
>
> That reduces it to a trust decision, right? We've had this option for
> years with DKIM, at least at the domain level, and it doesn't seem to
> have changed things much. Would authenticating down to the sender  
> level
> really improve things? (I hate it when I talk defeatist, but that's  
> how
> I feel about this issue.)

DKIM is optional and not widely implemented.  When implemented by a  
domain its not always validated by recipients.  In it's best case it  
prevents spoofing of individual domains, forcing spammers to use one  
of the many many other non-DKIM or unsed domains.

XMPP implements server to server communication with two unidirectional  
channels.  If I try to send a message to your user, my server connects  
to yours and yours connects back to a listed server for the domain.   
This should limit sender spoofing.

 From there it would be a matter of trust.  Malicious domains could be  
blacklisted.  Malicious users can be kept in check by server admins  
trying to avoid blacklisting.

Of course none of this matters unless we could coordinate a shift off  
of smtp, which would likely be about as fast as the IPv6 migration  
unless there was a simple migration path. 
  
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.