Re: covert channel and noise -- was Re: proposal ...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Dean Anderson wrote:
> 
>It isn't the case that the spammer
> intended to send a message about the superbowl, but somehow "noise"
> altered the message to a solicitation on viagra. Rather, they intended to
> send a message on viagra, and you recieved their message, noise free.
> But seeing the solication for viagra, you became upset, and reported a
> complaint about the inappropriate use of the channel. In
> information-theory-speak, you report a "communication in violation of the
> security model"; a covert or sneaky channel.

I guess we agree that if the message can be read by the intended recipient 
then it's not in a covert channel. A covert channel is one that can't even 
be detected by the intended recipient. But, you may ask, "who" is the 
intended recipient? 

In anti-spam email systems, we can usually recognize three "whos":

#1: My MTA
#2: My MUA
#3: Myself

The spammer's strategy is to send the spam message in such a  way
that it is undetectable by my MTA-MUA, while it is detectable and 
readable by me. In short, it needs to use a covert channel through my 
MTA-MUA, but not to me.

An example of such a covert channel is if a spammer hides information 
in the subject line by using wrongly spelled forms of "viagra", 
information which my MTA-MUA cannot detect. It's not a covert channel 
for me but it is for my defenses. But, once that message passes 
through to me, it becomes detectable, readable and I call it spam.

Does this mean that spam is defined by the rule

	"I (only) Know It When I See It!" 

and we have to accept a large failure rate in preventing spam, that 
can only be solved by laws and law enforcement? 

I want to emphasize that it does not have to be. Suppose a user can make
email senders pay a burden at their MTA or even at their MUA (e.g., a 
bounce requesting encryption and solution to a puzzle). In addition, using a 
selective scale defined by the user (so that selected mail senders have 
less burden) at their MTA and MUA, the user can make the spammer pay a 
price *as high as desired* by the user (not limited by R. Brown's comments).
In such case, the covert channel cannot even be established unless
the spammer pays a price -- a price that can be *as high as desired* by 
the *user*. This is the essence of the proposal (the devil is in details).

I take the example of the front door of your house. If you leave it open, 
so that a thief has no burden getting in, a thief probably will steal 
something from you -- even though the law says that theft is illegal.
What we need is to put a lock into our email communications door. A lock
that can be as hard to pick as the user wants, and yet easy to use
as the user wants it to be used.

Spammers are thiefs -- they steal time and resources, they make us
reject legitimate email. They cost a lot of  money to all of us. 
They have not been and will not be deterred by law alone. There
is also no "world law" and spammers are often hidding behind
legitimate users that change all the time. We can't lock the
spammers' doors everywhere, we have to lock our door at our house. 

BTW, to propose something simple, "running code" helps before any 
discussion.  In a system as complex as email, however, one would 
have to be naive to even think about "running code" before "running 
comments." I thank you all for the public discussion on this topic, 
through which I have learned a great deal, including people's first
barriers to change.


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]