funsec mailing list archives
Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups)
From: Valdis.Kletnieks () vt edu
Date: Tue, 20 Oct 2009 08:53:49 -0400
On Tue, 20 Oct 2009 08:29:53 EDT, "G. D. Fuego" said:
Am I naive in considering spoofed sender spam and true sender spam (including stolen credentials) two separate problems requiring two separate tactics.
In both cases - spoofed and stolen creds - the mail isn't sent by the person it claims to be sent by. The only difference is the details.
Implementing an as of yet undefined solution to limit all emails to the real domain infrastructure seems worthwhile to me even if it dosent solve the stolen credential or incompetant admin problems.
There are two easily implemented ways for the spammers to do it. You address one, and totally fail to fix the other. All this does is create a lot of work for a lot of people in order to shift the problem over to the other way, where they continue unabated. So why is it worthwhile? As has been pointed out, there's around 100M compromised boxes with credentials waiting to be abused. Anything that fails to account for that is simply not worth the effort, as it's broken as designed.
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups), (continued)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) der Mouse (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Nick FitzGerald (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Paul M. Moriarty (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Michael Collins (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) der Mouse (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Rich Kulawiec (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) Larry Seltzer (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) Nick FitzGerald (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) Rich Kulawiec (Oct 20)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) G. D. Fuego (Oct 20)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) Valdis . Kletnieks (Oct 20)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) Nick FitzGerald (Oct 20)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) Rich Kulawiec (Oct 20)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) Rich Kulawiec (Oct 20)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) chris (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Rich Kulawiec (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Nick FitzGerald (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) chris (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Rich Kulawiec (Oct 17)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Michael Collins (Oct 13)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Rich Kulawiec (Oct 13)