Russell Nelson wrote:
> Mike Holling writes:
> > Exactly. The implicit assumption being promoted here is that an ISP's
> > mail server is somehow more "legitimate" than an arbitrary mailserver on
> > the Internet. As Russ has just demonstrated, there is quite a bit of
> > legitimate mail transacted on non-ISP servers.
>
> Why should I trust J. Random SMTP client to be non-abusive? You're
> trying to convince me that I should trust *all* SMTP clients equally.
> You're going to fail at that, because some have PROVEN themselves not
> worth of trust. I have the evidence of my own eyes -- the spam in my
> mailbox.
>
> How does one develop trust? Through credentials -- a chunk of
> information that says that you are who you say you are. How do the
> credentials become believable? Because of the reputation of the
> issuing institution.
>
> Machines with static IP addresses have a credential -- the
> correspondance between name and number. Muncher.math.uic.edu has
> proven itself trustworthy. How do I know it is muncher? By it's IP
> address, and by the reverse DNS record that identifies it as muncher.
> Could someone forge muncher's identity? Yes, by DNS spoofing. That
> is too much work for spammers, however.
>
> Unfortunately for the legitimate users, dialup users have proven
> themselves untrustworthy, because they are at the moment of connection
> anonymous. How can they generate the necessary trust? Well, for one,
> by having a DNS record which identifies them as trustworthy. Their
> ISP can issue them a address from a pool which is trusted, once they
> have proven their trust. Or vice-versa, a new or trial user would be
> given an address in a pool which is not trusted.
>
> Another way they could be trusted is by going through a proxy. This
> proxy runs on a host with a credential, and allows access only to
> trusted SMTP clients.
>
> I'm sure that there are other methods for developing trust. One thing
> is for sure: you can't trust random SMTP clients. This is not your
> father's ARPANet, where all hosts were by definition trusted.
>
> --
> -russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
> Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
> 521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
> Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
You assume an ISP would do this. Really? That's an awful lot of work for
something an Inbox filter would stop. And what's to stop someone from buying a
static IP from their ISP with its own lovely domain and spamming the world
freely? Or relaying off of some server 2 thousand miles away that doesn't
block relays? Some mail servers cant (for example sites like yahoo.com who
have mail gateways... by the way, about 50-60% of spam I receive comes from
"trusted" mail servers on mail gateways like this). More and more spammers are
putting "ADV:" in their topics as is required by law and more and more are
also sending "To be removed" messages. While the to be removed messages don't
really work half the time, I think it is safe to say that a well constructed
message filter could be made to block these out, if not on the MUA level, on
the mail server level.
--
Cris Daniluk [EMAIL PROTECTED]
-------------------------------------------------------------
Digital Services Network, Inc. http://www.dsnet.net
1129 Niles-Cortland Road, Warren, Ohio 44484 [EMAIL PROTECTED]
(330) 609-8624 ext. 20 Fax (330) 609-9990
The Web Hosting Specialists
-------------------------------------------------------------
