1998-02-21 - Re: Is spam really a problem?

Header Data

From: sunder <sunder@brainlink.com>
To: Information Security <guy@panix.com>
Message Hash: a81f2a98fe491366502e52e3f705515acdb89e50e6fe75f0aee93cfd3504499c
Message ID: <34EC98A6.363D0100@brainlink.com>
Reply To: <199802182107.QAA00482@panix2.panix.com>
UTC Datetime: 1998-02-21 16:53:56 UTC
Raw Date: Sat, 21 Feb 1998 08:53:56 -0800 (PST)

Raw message

From: sunder <sunder@brainlink.com>
Date: Sat, 21 Feb 1998 08:53:56 -0800 (PST)
To: Information Security <guy@panix.com>
Subject: Re: Is spam really a problem?
In-Reply-To: <199802182107.QAA00482@panix2.panix.com>
Message-ID: <34EC98A6.363D0100@brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain

Information Security wrote:

>    >   From sunder@brainlink.com Wed Feb 18 15:58:46 1998
>    >
>    >   Anonymous wrote:
>    >   >
>    >   > I see discussion of spam here and everywhere on
>    >   > the net. But who finds it a *real* problem, and
>    >   > why?
> Why are you asking the cypherpunks list?

I didn't. Anonymous did.  
>    >   There are nice technical solutions to this.  If sendmail didn't transport
>    >   things unauthenticated it could be done, but at a cost in CPU cycles on mail
>    >   servers:
>    >
>    >   Have every sendmail server use a PK scheme to talk to every other
>    >   server and authenticate the connection.  Have every sendmail server accept
>    >   mail only from those whose key is verified.
> Nonsense.
> We (NANA) already know where spam comes from,
> and when we complain about it, they are terminated.

Until someone else gets a throw away $10 account and uses it to 
spam, right?  By the time you track'em down, they already gave up
that account.  All ISP's do is to delete the spamming account, which
the spammer doesn't care about anyway.  So you achive nothing.

Further one can generate fake headers and you would not know exactly where
it comes from, though you could have some idea since it would be one of
many sites it was relayed from.  One could send messages from an ISP
that doesn't mind spammers who won't help you track down the bitch that
just slimed your machine, etc.

> PK authentication would change nothing.
> Show a single spam with a forged IP address.

IP addresses won't be forged, but one could send
a mail with extra Recieved-By: headers, etc.
> PK authentication would only lead us down the
> road of everyone being tattooed with barcodes
> of our own making - and incredibly dumb idea.
> It would be like requiring a smart card for Internet access.

Bullshit.  PK auth with a central repository would be Big Brotherish.
Having each user gen their own PK pair is what I suggested. That
would allow anon users to have persistant (or even throw away)
identities, but prevent Joe Spambitch from telnetting to port 25
and spamming that way.

Even if Joe Spambitch does gen PK pairs and uses them, he can't
gen a pair for every message he sends, the recipient servers won't
recognize his PK pair and might have been instructed to block messages
from bad (and possibly unknown PK's), or at least refuse to relay
messages from unknown PK's.  Relaying is a big problem.


.+.^.+.|  Ray Arachelian    |Prying open my 3rd eye.  So good to see |./|\.
..\|/..|sunder@sundernet.com|you once again. I thought you were      |/\|/\
<--*-->| ------------------ |hiding, and you thought that I had run  |\/|\/
../|\..| "A toast to Odin,  |away chasing the tail of dogma. I opened|.\|/.
.+.v.+.|God of screwdrivers"|my eye and there we were....            |.....
======================= http://www.sundernet.com ==========================