funsec mailing list archives
Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups)
From: "G. D. Fuego" <gdfuego () gmail com>
Date: Sat, 17 Oct 2009 10:12:25 -0400
On Oct 17, 2009, at 9:31 AM, "Larry Seltzer" <larry () larryseltzer com> wrote:
With a fully authenticated protocol we could limit the valid source addresses of the spam to the one associated with the compromised user.That reduces it to a trust decision, right? We've had this option for years with DKIM, at least at the domain level, and it doesn't seem to have changed things much. Would authenticating down to the sender level really improve things? (I hate it when I talk defeatist, but that's how I feel about this issue.)
DKIM is optional and not widely implemented. When implemented by a domain its not always validated by recipients. In it's best case it prevents spoofing of individual domains, forcing spammers to use one of the many many other non-DKIM or unsed domains. XMPP implements server to server communication with two unidirectional channels. If I try to send a message to your user, my server connects to yours and yours connects back to a listed server for the domain. This should limit sender spoofing. From there it would be a matter of trust. Malicious domains could be blacklisted. Malicious users can be kept in check by server admins trying to avoid blacklisting. Of course none of this matters unless we could coordinate a shift off of smtp, which would likely be about as fast as the IPv6 migration unless there was a simple migration path. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups), (continued)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Rich Kulawiec (Oct 13)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Dan White (Oct 13)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Rich Kulawiec (Oct 16)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Dan White (Oct 16)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Valdis . Kletnieks (Oct 16)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Dan White (Oct 16)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) G. D. Fuego (Oct 16)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Rich Kulawiec (Oct 17)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) G. D. Fuego (Oct 17)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Larry Seltzer (Oct 17)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) G. D. Fuego (Oct 17)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) chris (Oct 17)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Dan White (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Paul Ferguson (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) chris (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (wasComcastpop-ups) Larry Seltzer (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Valdis . Kletnieks (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) chris (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Valdis . Kletnieks (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) rick wesson (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Rich Kulawiec (Oct 19)