more on somebody is spoofing "from dave () farber net"

[David Farber <dave () farber net>]

Begin forwarded message:

From: Russell Nelson <nelson () crynwr com>
Date: August 8, 2004 10:14:09 PM EDT
To: Rich Kulawiec <rsk () gsp org>
Cc: dave () farber net
Subject: Re: [IP] more on somebody is spoofing "from dave () farber net"

> From: Rich Kulawiec <rsk () gsp org>

> Oh, sure, there are proposals (like DomainKeys and SPF) on the
> table which attempt to wallpaper over the problem and hide its
> consequences, but none of these do anything to address the
> underlying issues.

DomainKeys isn't an attempt to wallpaper over the problem of zombies.
I think you and Dave are talking about solving different problems.
Yes, there is an overlap between stopping forgeries and stopping
zombies.  Spammers also send forgeries, and zombies are also used in
denial of service attacks.  Stopping zombies won't stop forgeries.

DomainKeys is MTA-level cryptographic signing of email, including the
headers and body but not the envelope (mailing lists need to modify
the envelope).  If you get a piece of email from a domain advertising
that all outgoing email is signed, and it's unsigned or has a bad
signature, you can be fully confident that it is forgery.  Doesn't
matter if a zombie sent it or a spammer sent it, it's a forgery and
can be discarded.  That's what Dave wants, right?

--
--My blog is at angry-economist.russnelson.com  | Big business, big 
government,
Crynwr sells support for free software  | PGPok | big citizenry: the 
problem is
521 Pleasant Valley Rd. | +1 315 268 1925 voice | not who wields power, 
but the
Potsdam, NY 13676-3213  | FWD# 404529 via VOIP  | fact that they wield 
it.

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/