nanog mailing list archives
Re: IPv6 isn't SMTP
From: Barry Shein <bzs () world std com>
Date: Thu, 27 Mar 2014 19:32:16 -0400
On March 27, 2014 at 14:16 blake () ispn net (Blake Hudson) wrote:
Barry Shein wrote the following on 3/27/2014 2:06 PM:I suppose the obvious question is: What's to stop a spammer from putting a totally legitimate key into their spam?It's entirely likely that a spammer would try to get a hold of a key due to its value or that someone you've done business with would share keys with a "business" partner . But ideally you'd authorize each sender with a unique key (or some sort of pair/combination). So that 1) you can tell who the spammer sourced the key from and 2) you can revoke the compromised key's authorization to send you subsequent email messages. There's probably some way to generate authorization such that each sender gets a unique key or a generic base is in some way salted or combined with information from the individual you're giving your authorization to such that the result is both unique and identifiable.
Ok, this is a form of whitelisting with some authentication using public key technology. Sure. But is this really the problem you run into much? Someone impersonating a sender you consider whitelisted? I'm sure it happens. But at a systems level I think most of us are talking about the much more nefarious non-stop fire-hose of pure sewage. Some white list, but for many that runs too great a risk of rejecting serendipity, that great job offer from someone who was impressed by a post you made on NANOG, etc. So we get Challenge-Response etc as a workaround, which also has problems. Well, whatever, SPAM IS A BIG SUBJECT and there are a lot of perspectives. P.S. I always figured the problem you describe could be very trivially solved by just agreeing to stick some word in the header like: X-PassCode: swordfish It's not like anyone but the sender is likely to know that unless they really are in your mail stream in which case you have other problems. It would be nice if that were automated but it could be done manually. I have certain Subject: phrases I use with people, some funny, so they know it's almost certainly me. -- -Barry Shein The World | bzs () TheWorld com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
Current thread:
- Re: IPv6 isn't SMTP, (continued)
- Re: IPv6 isn't SMTP John Levine (Mar 25)
- Re: IPv6 isn't SMTP Daniel Taylor (Mar 26)
- Re: IPv6 isn't SMTP rwebb () ropeguru com (Mar 26)
- Re: IPv6 isn't SMTP Andrew Sullivan (Mar 26)
- Re: IPv6 isn't SMTP Daniel Taylor (Mar 26)
- Re: IPv6 isn't SMTP Blake Hudson (Mar 26)
- Re: IPv6 isn't SMTP Jimmy Hess (Mar 26)
- Re: IPv6 isn't SMTP Blake Hudson (Mar 27)
- Re: IPv6 isn't SMTP Barry Shein (Mar 27)
- Re: IPv6 isn't SMTP Blake Hudson (Mar 27)
- Re: IPv6 isn't SMTP Barry Shein (Mar 27)
- Re: IPv6 isn't SMTP Blake Hudson (Mar 28)
- Re: IPv6 isn't SMTP Daniel Taylor (Mar 26)
- Re: IPv6 isn't SMTP Clay Fiske (Mar 27)
- Re: IPv6 isn't SMTP Blake Hudson (Mar 28)
- Re: IPv6 isn't SMTP John Levine (Mar 25)
- Re: IPv6 isn't SMTP Dave Crocker (Mar 27)
- Re: IPv6 isn't SMTP Lamar Owen (Mar 27)
- Re: IPv6 isn't SMTP James R Cutler (Mar 26)
- Re: IPv6 isn't SMTP John Levine (Mar 26)
- Re: IPv6 isn't SMTP Tony Finch (Mar 27)
- Re: IPv6 isn't SMTP Enno Rey (Mar 27)