RE: spoofing email addresses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> From: "Christian Huitema" <huitema@xxxxxxxxxxxxxxxxxxxxx>

> >   1. block port 25 to external IP addresses for all of your customers
> >     except those with what draft-klensin-ip-service-terms-01.txt calls
> >     Full Internet Connectivity.
>
> ... and receive a flood of complaints because 10% of your users are
> using a mail service provided by someone else than you.

That's a significant problem, but so what?  Stopping spam is not without
costs. The spam problem exists only because service providers sell
other than Full Internet Connectivity and cannot charge enough for the
other flavors to squash abuse.

The reason spam is a problem is that ISPs are unwilling or unable to
pay the costs necessary to zap spamming customers.  If spam were a
certain path to termination with prejudice, there would be no significant
spam.  If ISPs would immediately and permanently terminate all spamming
customers and refuse to exchange STMP/TCP/IP with other ISPs that fail
to terminate spammers, there would be no spam problem and no need for
blocking port 25 and so forth.

If Microsoft would have been willing to pay the costs to ship secure
software for the last 10 years, than the spam distribution mechanism
currently favored by the worst spammers would not exist.


> >   2. Do not sell Full Internet Connectivity to anyone running Microsoft
> >     software exposed to the Internet.
>
> Regardless of whether Microsoft's software can be secured (it can), 

As we all know, that is true in Microsoft marketing liturature and
plausible theories but false in practice.  As I said, practically all
desktop Windows XP and NT installations have users running browsers
and MUAs as "administrator."  Contrary to the knowingly misleading
statements from Microsoft appologists, that fact makes Windows a
hopelessly insecure system.

Then there are the versions of Windows not related to Windows NT
that cannot be secured even in theory.

>                                                                     this
> is a big no-op as a PC behind a "home firewall" is still at risk from
> e-mail viruses and questionable web downloads.

A PC running Microsoft software behind a "home firewall" for most
meanings of that phrase including Microsoft's is not protected. 
It must not be exposed to the Internet.


> >   3. The effects of #1 and #2 include forcing all mail from the usual
> >     suspects through your own mail systems so that you can do as the
> >     credit card companies do.  Track SMTP envelope Mail_To values or
> >     other characteristics for each customer.  When you see a change,
> >     contact the customer by voice to check.
>
> So the solution to Spam has to be a massive surrender of privacy! 

This statement is disingenous.  No existing privacy is lost.  It is
just as false and dishonest to claim that the credit card companies
reduce someone's privacy with their anti-fraud mechanisms.  Exactly
the same mail information is already present in ISP SMTP server logs.
Privacy is not lost by people acting on your private information.  It
is lost when your private information is collected.  Changing how
computers manipulate your no-longer-private information does not reduce
your privacy.  Disclosing the fact that you do not have privacy
does not reduce your privacy.

If you want privacy, you must use cash instead of a credit card.
You must also buy full internet connectivity, run your own SMTP
client, and use at least SMTP-TLS, and of course, that's only a
start toward mail privacy.


> I am afraid that you are falling in the very trap that you often
> denounce, present you personal definitive solution to Spam...

My modest proposal would stop spam, but is not unique.  As I wrote in
words you did not quote, the spam problem results from service providers
such as UUNet, Comcast, and Yahoo and software vendors such as your
employer refusing to pay their shares of the costs to stop network abuse.


Vernon Schryver    vjs@xxxxxxxxxxxx


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]