Re: spam

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



on 5/30/2003 12:05 PM Vernon Schryver wrote:

> None of the even slightly plausible anti-forgery proposals have even 
> the slightest believable effects toward enforcing the use of known 
> identities.

They don't have to be "known" identies to provide accountability measures,
they only have to be verifiable. The proposals that even I think are too
complex are the ones that require the use of "known" identities
(exchanging tickets, bilateral postage agreements, etc).

Simply limiting the information to a "verifiable" scope can provide
sufficient levels of accountability. For exmaple, allowing self-signed
certificates but restricting their acceptance to the same mail domain
would provide some baseline measure of verification (DNS lookups), and
would provide some level of accountability (through the DNS domain
delegation information), and would provide additional strenght to the
available enforcement options. None of that requires "known" identities
(btw, I'm not ready to propose that usage model, just laying it out as an
example of how "known" identities aren't necessary to achieve a goal of
accountability through verified paths).

> No anti-forgery proposal has included anything that would 
> inconvenience a spammer that wants 10,000 "known identities." No price
> on certificates or any other mechanism can be low enough to be 
> tolerable by users but high enough to determine that the next new 
> account an ISP sees is not a known spammer with a new name, adresses, 
> and valid credit card number.

First of all, I think this is really an argument for legal options. I've
already stated that I don't think the spam problem in particular can be
"fixed" in the absence of legal enforcement options.

Secondarily, if we wanted to be productive (forward-moving) on this
particular subject, we should be discussing the mechanisms that would be
needed and/or useful towards making the necessary retrieval, comparison
and enforcement functions useful, and which would in turn make any of the
available enforcement options useful. I don't find the current absence of
credible services (WHOIS is currently useless) to be a compelling argument
against their eventual presence (WHOISng may be more useful), nor as
compelling arguments against their subsequent integration with other
services (integration between a WHOISng and an SMTPng for locating all of
the domains associated with a known offender, as one possibility). We
already know we're going to need some kind of identification mechanism, so
what else would we need as part of that?

>> The first step in that means weakening the ability to use forgery 
>> techniques as a shield, but that's just a start. It should also help 
>> against some of the prevarication you describe above, since there
>> would be less room for waffling if recipients were able to "prove" by
>> verifiable transfer-path analysis that a particular node had
>> absolutely sent some piece of spam.  ...
> 
> That should sound like the mistake it is in a more or less technical 
> setting like this.  There has never been any lack of a "verifiable 
> transfer-path analysis that a particular node had absolutely sent some 
> piece of spam" unless you believe that spammers use initial sequence 
> number prediction to forge IP addresses.  You always know the IP 
> address of the SMTP client, even if it is a relay or proxy.  ISPs could
> and should hold operators of open relays and proxies accountable for
> sending the spam their systems send.

Conceding that "ISPs could and should hold operators...accountable"
doesn't dismiss the claims, and neither does the rest of your text.

Preventing the use of proxies through verifiable end-system identifiers is
one of "the first steps" I referred to. The problem would mostly move into
the relay and direct-sender space, but those uses could be dealt with much
more aggressively given the "proof" that would be available afterwards;
the range of enforcement options are all strengthened by better proof. The
original claims stand, despite your concession and fist-waving.

>> Secondarily, there is another class of user where forgeries are 
>> problematic in their own right, which is outright impersonation
>> and/or fraud, and in that context the anti-forgery capabilities would
>> stand as a unique benefit. However, the enforcement options which
>> were made available to those users as a result of the accountability
>> features would be no less compelling to those users if forgery were
>> attempted and caught.
> 
> Please point out a single such case where header forgery was not
> obvious and that needed or could have used any extra machinery.

In 1993, Adelyn Lee won a $100,000 wrongful-termination settlement against
Oracle, partially using forged email between her superiors as evidence.
Four years later the forgery was exposed, but the evidence that did her in
was testimony, log files, and cell-phone records, not the email message.
It seems obvious to me that a mail system which offered the kinds of
accountability features we're talking about and which cost less than the
settlement costs, corporate personnel and legal fees would have been well
worth the expense to them.

http://www.wired.com/news/technology/0,1282,9641,00.html describes three
different instances of fraudulent misrepresentation of Yahoo, any of which
would have been ameliorated with half-decent identity information which
clearly indicated the user was a customer and not an employee of Yahoo.
I've no idea what the dollar cost to Yahoo was, but the legal time alone
couldn't have been cheap, not to mention the economic impact from loss of
credibility.

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]