nanog mailing list archives
Re: Micorsoft's Sender ID Authentication......?
From: Matt Ghali <matt () snark net>
Date: Thu, 9 Jun 2005 17:40:55 -0700 (PDT)
On Thu, 9 Jun 2005, Stephen Sprunk wrote: If my grandmother has a "reputation" for sending legitimate email, and she inadvertently installs some spam zombie software, it is certainly feasible (and probably trivial) for the spammer to steal all her credentials and thus her "reputation". Spam will get out for a while, but once her "reputation" significantly degrades, it will be stopped -- as will any future legitimate email from her. No. You are (I suspect) deliberately ignoring the Big Picture. Your grandmother, if she is like most grandmothers, does not have a box coloed with a static IP from which she runs her own MTA. She gets a dynamic address assignment from her ISP. When her computer becomes infected with malware that causes it to emit abusive traffic, the reputation for that IP (or its containing netblock) is affected. The longer her ISP allows the abusive traffic, the lower the reputation becomes for that address (or its containing netblock). So you see, the reputation has nothing to do with your mom, and everything to do with the controlling entity, her ISP. Which makes the whole address-based sender reputation scheme almost workable, if you ignore the scaling issues. This "solution" strikes me as worse than the problem it tries to address. I'd never call it a "solution", but it is certainly a useful tool to use along with others in order to more successfully manage the problem. matto --matt () snark net------------------------------------------<darwin>< The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Current thread:
- Re: Micorsoft's Sender ID Authentication......?, (continued)
- Re: Micorsoft's Sender ID Authentication......? Daniel Golding (Jun 07)
- Re: Micorsoft's Sender ID Authentication......? John Levine (Jun 07)
- Re: Micorsoft's Sender ID Authentication......? J.D. Falk (Jun 07)
- Re: Micorsoft's Sender ID Authentication......? Suresh Ramasubramanian (Jun 07)
- Re: Micorsoft's Sender ID Authentication......? Tony Finch (Jun 08)
- Re: Micorsoft's Sender ID Authentication......? Suresh Ramasubramanian (Jun 08)
- Re: Micorsoft's Sender ID Authentication......? John Levine (Jun 07)
- Re: Micorsoft's Sender ID Authentication......? Barry Shein (Jun 09)
- Re: Micorsoft's Sender ID Authentication......? william(at)elan.net (Jun 09)
- Re: Micorsoft's Sender ID Authentication......? Douglas Otis (Jun 09)
- Re: Micorsoft's Sender ID Authentication......? Daniel Golding (Jun 07)
- Re: Micorsoft's Sender ID Authentication......? Stephen Sprunk (Jun 09)
- Re: Micorsoft's Sender ID Authentication......? Matt Ghali (Jun 09)
- Re: Micorsoft's Sender ID Authentication......? Valdis . Kletnieks (Jun 10)
- Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?] Andre Oppermann (Jun 10)
- Re: Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?] Suresh Ramasubramanian (Jun 10)
- Re: Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?] Barry Shein (Jun 11)
- Re: Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?] Steve Sobol (Jun 11)
- Re: Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?] Valdis . Kletnieks (Jun 11)
- Re: Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?] Steve Sobol (Jun 11)
- Re: Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?] william(at)elan.net (Jun 11)
- Re: Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?] John Levine (Jun 11)
- Re: Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?] Barry Shein (Jun 13)