This whole discussion should be taken to the YWKTIEDNWWFALNORIBNLTICSADEWSIFOSTFSTNOML working group. (yes we know that internet email does not work well for a large number of reasons, including but not limited to, incorrect code, spam and dare we say it failure of smtp to fully support the needs of mailing lists). The only way to resolve this issue properly would be to require every submission to an IETF mailing list to be cryptographically signed (PGP or S/MIME), to require the subscribers to register their signing key and to then filter the mail sent out on the list so that only signed mail gets through. While this would require a moderate degree of work on the part of the list users it would eliminate the need for moderator action. Problem posters could be dealt with by means of a formal process. Thawte still provides free S/MIME certificates, however for the purposes of this proposal it would suffice to use a self signed certificate. SPAM is becomming a serious problem - as Bersnteins own rather offensive spam protection measures atest. The only way to resolve that problem in the long run is to start authenticating the good signal at source. The strategy of attempting to isolate the bad signal from the good is failling progressively as the spam companies employ counter measures. The relevance of this to DNS is that the ability to authenticate an SRV record provides an imense amount of leverage in automating this process. For example I can have some form of information service set up linked to the DNS that tells people that I sign every one of my emails without exception and that any unsigned mail message can be rejected. SPAM is a security problem. If we don't fix it the signal to noise ratio will fall way below acceptable levels for many users. Phill > -----Original Message----- > From: Pekka Savola [mailto:pekkas@netcore.fi] > Sent: Saturday, November 30, 2002 8:00 AM > To: D. J. Bernstein > Cc: ietf@ietf.org; namedroppers@ops.ietf.org; iesg@ietf.org > Subject: Re: namedroppers, continued > > > [ post by non-subscriber. with the massive amount of spam, > it is easy to miss > and therefore delete posts by non-subscribers. if you wish > to regularly > post from an address that is not subscribed to this mailing > list, send a > message to <listname>-owner@ops.ietf.org and ask to have > the alternate > address added to the list of addresses from which submissions are > automatically accepted. ] > > On 29 Nov 2002, D. J. Bernstein wrote: > > Keith claims that allowing ``contributions from outsiders'' requires > > delay and manual review. That claim is absurd. Immediately > bounce the > > message to the ``outsider,'' with instructions explaining > how to have > > the message sent to subscribers; end of problem. > > No, it's not 'end of problem'. > > If I cross-post a reply to some message with was cross-posted > to a list > I'm subscribed at and a list I'm not, in the general case I > do *not* want > to subscribe to the other list to be able to send my > cross-post reply to > both. > > Waiting for moderator approval is just fine for me, much better than > requiring to subscribe or do something else. > > It's not black and white. > > -- > Pekka Savola "Tell me of difficulties surmounted, > Netcore Oy not those you stumble over and fall" > Systems. Networks. Security. -- Robert Jordan: A Crown of Swords > > > > > -- > to unsubscribe send a message to > namedroppers-request@ops.ietf.org with > the word 'unsubscribe' in a single line as the message text body. > archive: <http://ops.ietf.org/lists/namedroppers/> >
Attachment:
smime.p7s
Description: application/pkcs7-signature
