On Thu, 27 May 2004 18:23:17 +0200, Iljitsch van Beijnum said:

> There is also the possibility of blacklisting known bad credentials.

Anybody who's had to get themselves out of 3,000 private blacklists, and anybody who's had to fight with places that were blackholing the 69/8 address space, knows that private blacklists are a bad idea. And nobody seems to want to trust anybody to run a public blacklist to everybody's satisfaction. Consider that we as an industry haven't even figured out how to pick an organization to supervise the DNS to everybody's satisfaction. Think about ICANN and "how many TLDs should there be?" and Verisign's "Site Finder". Add in Matt Blaze's adage about "A CA can protect you from anybody they're not accepting money from", and the various jurisdictional issues. Then ask yourself if we're in any position to let *anybody* decide "You can't send/receive email".

(Notice, I haven't said it's impossible - I said that we as a community don't know how to do it. There's a big and very important distinction there...)

> Yes, spammers can steal credentials, but this is several orders of
> magnitude more difficult than just generating a random from address as
> can be done today. The question is whether spammers can obtain new
> credentials (stolen or otherwise) faster than others can blacklist
> them. For user-based credentials this could very well be the case
> (although I'm not conceding to that), but for MTA-based credentials it
> should be possible to rate limit the obtaining of a new identity such
> that spammers can no longer reach critical mass. (I.e., wait a week
> before you can use an MTA with a certain address, then spam an hour
> before you're blacklisted reduces the amount of spam that can be sent
> from an address by a factor 169.)

There are two problems with this:

1) Waiting a week probably isn't sellable to the user community. If you don't believe me, consider how fast people bailed their domain registrations away from a registrar that had a reputation of taking a week to do anything, and went to registrars that promised setup times measured in hours.

2) The assumption that you can catch, verify, and deploy a blacklist for a spammer in an hour is highly suspect, for several reasons:

(a) It means that the *effective* TTL of a DNS MX entry is much lower than an hour (as everybody will have to re-fetch at least 2-3 times an hour to verify they're not blacklisted - a once-an-hour update means that on the *average* there will be a 30 minute delay, and up to 59 minutes at worst case). Notice how few software products that use X.509 certs actually implement CRLs *correctly*...

(b) "Under an hour" deployment almost certainly implies an automated process to blacklist. That has "denial of service" written all over it....

Again, I haven't said it's *impossible* - merely that we've not seen a concrete proposal that actually has the right scaling and uptake characteristics...

> "The people who claim that something can't be done shouldn't get in the
> way of the people doing it."

I didn't say it *can't* be done. I said there were known problems that any successful solution would have to address. Solving the spam problem is like solving global warming - neither is a problem that demonstrably *can't* be done, but both are problems that we don't know how to solve and which don't have anybody actively solving the problem in a production mode (the fact that both are still perceived as a problem is proof that neither is actually being solved).
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf