Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-08 Thread Craig Sanders
On Sat, Sep 06, 2003 at 11:32:04PM +1000, Russell Coker wrote:
 DNSBL's and spamassassin seem quite good at dealing with spam and are much
 less annoying.  That combined with some new laws that are being enacted to
 combat spam should keep it to a manageable level.

oh, please tell me that these new laws are going to be the replacement of Duck
Season with Spammer Season (Jan to Dec in any year).

that'll work.  i sometimes think that it's the ONLY thing that will really work.

craig




Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-06 Thread Russell Coker
On Sat, 6 Sep 2003 06:56, david nicol wrote:
   Unlike TMDA's distributed profusion of extended addresses, a
   central RAPNAP (return address, peer network address pair) database
   only needs to send out a challenge when you change your outgoing
   SMTP server.  In effect, a central server caches challenge responses,
   so individual challenges are not required all the time.
 
  Interesting idea.  A spammer then only has to respond to a challenge once
  and they can then spam thousands of people.

 But only from an account which is really theirs.
 RAPNAP provides a working minimal verification on
 the return address for sender-pays systems.  Sure you can forge
 an e-mail with my return address, but you can't forge an e-mail
 with both my return address and the peer network address of the
 machine I generally send e-mail through, from your connection in
 Australia.

Here's how it works.  Spammer creates account [EMAIL PROTECTED] and sends 
their first spam to a C-R system, when the challenge comes in they 
acknowledge it and from then on the C-R system does not bother them because 
they keep using the same small range of IP addresses.  Hotmail cancels their 
account pretty quickly, but as the C-R system does not send any changes 
unless they change their IP address (and they don't change their IP address 
to avoid C-R systems) then it's not a problem for them.

  For challenge response to work it has to be annoying to lots of people.
  Anything that stops it being annoying will stop it working.  That's why
  it is broken.

 Challenge-response, BY ITSELF ONLY, suffers from that problem. When
 combined with other methods, CR is useful, and is _less annoying_
 than alternatives, such as requiring all correspondents to install PGP
 for instance.

DNSBL's and spamassassin seem quite good at dealing with spam and are much less 
annoying.  That combined with some new laws that are being enacted to combat 
spam should keep it to a manageable level.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page




Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-06 Thread david nicol
On Sat, 2003-09-06 at 08:32, Russell Coker wrote:

 Here's how it works.  Spammer creates account [EMAIL PROTECTED] and sends 
 their first spam to a C-R system, when the challenge comes in they 
 acknowledge it and from then on the C-R system does not bother them because 
 they keep using the same small range of IP addresses.  Hotmail cancels their 
 account pretty quickly, but as the C-R system does not send any changes 
 unless they change their IP address (and they don't change their IP address 
 to avoid C-R systems) then it's not a problem for them.

Spammer pays the pay2send infrastructure ten thousand dollars in
advance to send from the return address [EMAIL PROTECTED], and
all participating mail gateways bill out of the payment made in advance,
and when the ten thousand runs out, the mail from [EMAIL PROTECTED]
is no longer relayed.

The C-R system prevents someone who is not using spammer's IP address
from forging [EMAIL PROTECTED] as a return address and stealing part
of spammer's postage budget.

Don't hate spammers, figure out a way to bill them.  They are in
business, they pay for things, they expect to be billed.  Everyone
who has considered sender-pays agrees that it provides a better solution
than legislation.





Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-06 Thread Andrew Suffield
On Sat, Sep 06, 2003 at 06:02:07PM -0500, david nicol wrote:
 Don't hate spammers, figure out a way to bill them.  They are in
 business, they pay for things, they expect to be billed.  Everyone
 who has considered sender-pays agrees that it provides a better solution
 than legislation.

Again with the "It's better than impaling yourself upon an iron spike"
rationale. Cut it out.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'  |
   `- --  |




Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-05 Thread Russell Coker
On Thu, 4 Sep 2003 18:32, david nicol wrote:
 I've been trying to popularize a centralized challenge-response
 database since last fall.  It seems to me that becoming a debian
 package maintainer for the software to use it would make sense.

 Unlike TMDA's distributed profusion of extended addresses, a
 central RAPNAP (return address, peer network address pair) database
 only needs to send out a challenge when you change your outgoing
 SMTP server.  In effect, a central server caches challenge responses,
 so individual challenges are not required all the time.

Interesting idea.  A spammer then only has to respond to a challenge once and 
they can then spam thousands of people.

For challenge response to work it has to be annoying to lots of people.  
Anything that stops it being annoying will stop it working.  That's why it is 
broken.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page




Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-05 Thread david nicol
On Fri, 2003-09-05 at 00:16, Russell Coker wrote:
 On Thu, 4 Sep 2003 18:32, david nicol wrote:
  I've been trying to popularize a centralized challenge-response
  database since last fall.  It seems to me that becoming a debian
  package maintainer for the software to use it would make sense.
 
  Unlike TMDA's distributed profusion of extended addresses, a
  central RAPNAP (return address, peer network address pair) database
  only needs to send out a challenge when you change your outgoing
  SMTP server.  In effect, a central server caches challenge responses,
  so individual challenges are not required all the time.
 
 Interesting idea.  A spammer then only has to respond to a challenge once and 
 they can then spam thousands of people.

But only from an account which is really theirs.
RAPNAP provides a working minimal verification on
the return address for sender-pays systems.  Sure you can forge
an e-mail with my return address, but you can't forge an e-mail
with both my return address and the peer network address of the
machine I generally send e-mail through, from your connection in
Australia.

And there is an adoption lag, which we are currently in, between
when people start checking return addresses against the RAPNAP
database and when spammers start bothering to return the challenges,
which may appear to automated list software as bounces.

The accounts (such as [EMAIL PROTECTED]) which I have set up
which use the RAPNAP system exclusively to filter incoming messages
receive no spam, yet.

Incorporating a RAPNAP listing into spamassassin as something with
a positive weight would be most effective IMO.

 For challenge response to work it has to be annoying to lots of people.  
 Anything that stops it being annoying will stop it working.  That's why
 it is broken.

Challenge-response, BY ITSELF ONLY, suffers from that problem. When
combined with other methods, CR is useful, and is _less annoying_
than alternatives, such as requiring all correspondents to install PGP
for instance.









Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-05 Thread Andrew Suffield
On Fri, Sep 05, 2003 at 03:56:16PM -0500, david nicol wrote:
  For challenge response to work it has to be annoying to lots of people.  
  Anything that stops it being annoying will stop it working.  That's why
  it is broken.
 
 Challenge-response, BY ITSELF ONLY, suffers from that problem. When
 combined with other methods, CR is useful, and is _less annoying_
 than alternatives, such as requiring all correspondents to install PGP
 for instance.

Every single one of these alternatives is dangerously insane.

I don't think "It's better than hurling yourself into a meat grinder"
is a good rationale for doing something.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'  |
   `- --  |




Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-04 Thread david nicol

Hello

I've been trying to popularize a centralized challenge-response
database since last fall.  It seems to me that becoming a debian
package maintainer for the software to use it would make sense.

Unlike TMDA's distributed profusion of extended addresses, a
central RAPNAP (return address, peer network address pair) database
only needs to send out a challenge when you change your outgoing
SMTP server.  In effect, a central server caches challenge responses,
so individual challenges are not required all the time.

I suppose a RAPNAP patch for Mailman would be a good thing to
write...


David Nicol
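
The lookup this thread argues over, as an added example that is not part of any poster's message or of the RAPNAP software: a central cache of confirmed (return address, peer network address) pairs, showing both that one answered challenge covers every later recipient and that the same return address arriving from a different peer is challenged again. The class and function names, the exact-match comparison on the peer address, the token scheme, and the addresses are assumptions made for the illustration.

```python
import secrets


class RapnapDB:
    """Hypothetical central cache of confirmed (return address, peer address) pairs."""

    def __init__(self):
        self.confirmed = set()    # pairs whose challenge was answered
        self.pending = {}         # challenge token -> pair awaiting an answer
        self.challenges_sent = 0

    def check(self, return_addr, peer_addr):
        """Called by a participating gateway for each incoming message."""
        pair = (return_addr.lower(), peer_addr)
        if pair in self.confirmed:
            return ("accept", None)
        # Unknown pair: hold the mail and challenge the return address.
        token = secrets.token_urlsafe(16)
        self.pending[token] = pair
        self.challenges_sent += 1
        return ("challenge", token)

    def respond(self, token):
        """The owner of the return address answers a challenge (single use)."""
        pair = self.pending.pop(token, None)
        if pair is None:
            return False          # unknown or already-used token
        self.confirmed.add(pair)
        return True


def simulate():
    """Run the two cases debated in the thread; all values are constructed."""
    db = RapnapDB()
    sender, relay = "sender@example.com", "192.0.2.10"
    # First message from this pair: one challenge goes out and is answered.
    first, token = db.check(sender, relay)
    db.respond(token)
    # The same pair mailing 1000 further recipients is never challenged again.
    later = {db.check(sender, relay)[0] for _ in range(1000)}
    # The same return address from another peer is an unknown pair.
    forged = db.check(sender, "198.51.100.7")[0]
    return first, later, forged, db.challenges_sent


if __name__ == "__main__":
    print(simulate())
```
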