RE: Testing Root A going away
On Sat, 30 Aug 2003 18:03:59 -0400 (EDT), Dean Anderson wrote: Spam can be detected, and stopped after detection, but it cannot be made impossible to send. The question is really whether SMTP has sufficient identification information to track down an abuser, or infected user. The answer to this question is yes. Even with an open proxy, the SMTP information will identify the open proxy. You cannot prevent it from being sent ONCE and, as you have so elegantly stated, no technical means will ever succeed in stopping spam. But (as you say above) you can identify the upload path. The only solution is to shut down the upload path, which is the method (generically speaking) that society at large uses to handle such problems. Those interested in this variant approach may wish to take a look at http://www.camblab.com/nugget/spam_03.pdf [the reasoning] and http://www.camblab.com/misc/univ_std.txt [the fix]. On the sound basis, shown time over time in multiple industries, that quality is free, the variant approach I nominate will be essentially costless. I'd welcome any comments. Jeffrey Race
Re: Testing Root A going away
On Sat, 30 Aug 2003 22:54:34 +0200 Iljitsch van Beijnum [EMAIL PROTECTED] wrote: Well, draft-fecyk-dsprotocol-04.txt is in the RFC editor queue that's odd. the document claims to be a candidate for proposed standard, but the I-D tracker says not assigned yet under shepherding AD. and I haven't seen any Last Call announcement nor any request for it to be reviewed in the usual fora that discuss email topics (e.g. ietf-smtp). so I think it has a ways to go before publication.
RE: Testing Root A going away
Didn't J Postel run a test similar to that once G... On a side note, how would you go about testing something like this ? Obviously, cutting of the A root would have some pretty drastic consequences. On the other hand, there are many computers that have no business contacting directly the root servers. For example, in many enterprises and campuses, computers are suppose to send their DNS traffic to a configured relay. What would be considered pass/fail metrics - well written applications vs. people doing silly and stupid things (ie. Would it be consisdered a failrue that sobig fails because it was incorrectly written ?) Looking at bugs in worms and using these bugs to squash the worms is fair game. Another known bug is the SMTP Hello line always contains a single token host name, instead of an FQDN. However, it is very likely that such bugs will be corrected in a next release -- say, Sobig.G. The better question for the IETF is whether we should do something to SMTP to make it less easy to send spoofed mail. -- Christian Huitema
RE: Testing Root A going away
The better question for the IETF is whether we should do something to SMTP to make it less easy to send spoofed mail. what, so one couldn't telnet in and send arbitrary mail? include a reversedns lookup in SMTP? good luck on widespread implementation. -- Christian Huitema sleekfreak pirate broadcast world tour 2002-3 live from the pirate hideout http://sleekfreak.ath.cx:81/
Re: Testing Root A going away
On zaterdag, aug 30, 2003, at 21:28 Europe/Amsterdam, Christian Huitema wrote: Obviously, cutting of the A root would have some pretty drastic consequences. If that is the case then some people have been reading the relevant RFCs with their eyes closed. The only consequence should some sporadic short delays when a resolver asks the A but there is no answer so there is a timeout and one of the other root servers must be consulted. On the other hand, there are many computers that have no business contacting directly the root servers. For example, in many enterprises and campuses, computers are suppose to send their DNS traffic to a configured relay. How would that make a difference, other than that a central resolver can cache more efficiently? If a host needs a domain in a not-yet-cached TLD resolved, then someone somewhere has to ask one of the root servers for the information about this TLD, whether this is the host that needs the information or some other system working on behalf of this host. The better question for the IETF is whether we should do something to SMTP to make it less easy to send spoofed mail. Well, draft-fecyk-dsprotocol-04.txt is in the RFC editor queue and this seems like a fair step in the good direction, without heaving read it in detail. So unless this is no good it should be shipped as and RFC and then the ball is in the vendors' court.
RE: Testing Root A going away
On Sat, 30 Aug 2003, Christian Huitema wrote: [snip] Obviously, cutting of the A root would have some pretty drastic consequences. On the other hand, there are many computers that have no business contacting directly the root servers. For example, in many enterprises and campuses, computers are suppose to send their DNS traffic to a configured relay. not realy. If 'A' stops answering you'll just ask questions of the others. The issue is not if 'A' goes off the air, there are always other servers to talk to. -rick
RE: Testing Root A going away
On Fri, 29 Aug 2003, shogunx wrote: The better question for the IETF is whether we should do something to SMTP to make it less easy to send spoofed mail. what, so one couldn't telnet in and send arbitrary mail? include a reversedns lookup in SMTP? good luck on widespread implementation. Reverse DNS lookups tell one nothing about the legitimacy of the email being sent. This has been hashed over on both namedroppers and DNSOP. I also recently hashed out the Information Theoretic problems with suppressing spam with a group of PhDs from one of my old companies. After a great deal of arguing about the definition of Covert Channel (in particular whether cooperation was required or not), it was determined (to a high degree of confidence--but not to a formal proof) that spam is indeed a covert channel, and therefore subject to the axiom that one cannot prove there are no covert channels. I should note that during the course of research I made to on the topic, which included reading a number of original papers on the subject of Covert Channels, Side Channels, and like concepts, I could find no written proof of this axiom, but neither was it challenged as being untrue. This confirms the intuition that digital signature schemes, and cost schemes and other such suppression schemes cannot succeed. Spam is essentially dependent on the will of the sender, and given viruses, that will can be subverted for many senders no matter what suppression scheme is used. Spam can be detected, and stopped after detection, but it cannot be made impossible to send. The question is really whether SMTP has sufficient identification information to track down an abuser, or infected user. The answer to this question is yes. Even with an open proxy, the SMTP information will identify the open proxy. The anonymity offered by the open proxy is completely independent of SMTP. However, to identify the abuser, one may need law enforcement authority, or be willing to undertake a civil action at some expense. This is consistent with the PSTN, in which the identify of a user can't generally be determined by another end user, but can usually be determined using law enforcement authority. Indeed, as with the PSTN, some anonymity is appropriate. One would probably not want to allow end users to be able to identify another end user against their will without a court order of some sort or some evidence of a criminal act. --Dean
