nanog mailing list archives

Re: Clueless service restrictions (was RE: Anti-spam System Idea)


From: "Steven M. Bellovin" <smb () research att com>
Date: Tue, 17 Feb 2004 17:28:32 -0500


In message <451737404.1077054498@[192.168.100.25]>, Alex Bligh writes:

b) The real problem here is that there are TWO problems which interact.
  It is a specific case of the following general problem:
  * A desire for any to any end to end connectivity using the
    protocol concerned => filter free internet
  * No authentication scheme

Applying filters based on IP address & protocol (whether it's by filtering
or RBL) is in effect attempting to do authentication by IP address. We know
this is not a good model. People do, however, use it because there
currently is no realistic widely deployed alternative available. Those
that are currently available (e.g. SPF) are not widely deployed, and
in any case are far from perfect. Whilst we have no hammer, people will
keep using the screwdriver to drive in nails, and who can blame them?


Apart from the general undesirability of using IP addresses for 
authentication -- and I've been writing about that for 15 years -- the 
problem of authentication for anti-spam is ill-defined.  In fact, 
posing it as an authentication problem misses the point entirely.

In almost all circumstances, authentication is useful for one of two 
things: authorization or retribution.  But who says you need 
"authorization" to send email?  Authorized by whom?  On what criteria?  
Attempts to define "official" ISPs lead very quickly to the walled 
garden model -- you have to be part of the club to be able to send mail 
to its members, but the members themselves have to enforce good 
behavior by their subscribers.

Retribution doesn't work very well, either -- new identities are very 
easy to come by, and since most spammers are already committing other 
illegal acts (ranging from the "products" they advertise to the systems 
and address blocks they hijack) they're not easily dissuaded by laws.

Reasoning like this leads me to schemes that involve imposing cost.  It 
may be financial, it may be CPU cycles, it may be any of a number of 
things.  But it can't be identity based, except for recipient-based 
whitelists, and they have their own disadvantages.

                --Steve Bellovin, http://www.research.att.com/~smb


