Another thought on the spam problem and Frequently Proposed Solutions
in general: as a community we have become obsessed with ephemeral
information. That is, we all sit in front of our terminals, read our
email, (re-)invent new ideas, and spew them instantly across the world;
these ideas are
From: Bob Braden [EMAIL PROTECTED]
...
Another thought on the spam problem and Frequently Proposed Solutions
in general: as a community we have become obsessed with ephemeral
information. That is, we all sit in front of our terminals, read our
email, (re-)invent new ideas, and spew them
--On Wednesday, 15 January, 2003 18:17 -0800 Dave Crocker
[EMAIL PROTECTED] wrote:
John,
Before someone makes suggestions about the magic bullet that
will solve spam problems, they should at least familiarize
themselves with the rather interesting range of startup
company approaches to
Dave, John,
at least in the case of spamming, it seems there is an agreement on the
interest of cataloging the internet engineering frequently proposed
solutions, to get a complet picture of the various existing and dropped
propositions. This might both help not to repeat the same propositions
John,
Before someone makes suggestions about the magic bullet that will solve
spam problems, they should at least familiarize themselves with the
rather interesting range of startup company approaches to handling the
problem. Everything ranging from keyword filtering by a commercial
version of
Folks,
Monday, January 13, 2003, 1:47:57 PM, you wrote:
* Could we not think of an FPS (frequently proposed
solutions)
John Absolutely. But such a hypothetical author would have to be
John very motivated.
Would there be some benefit in taking the first step of simply listing FPSs,
without
--On Tuesday, 07 January, 2003 13:33 -0500 Doug
[EMAIL PROTECTED] wrote:
Doug has rediscovered the idea of closing open mail relays to
prevent
unauthorised use by outsiders sending to outsiders. This was
a big thing in the early 90s when email became popular.
This may seem to be a bit
Dear John,
I am afraid that at this stage (e-mail + 40 or so years) telling someone to
read the archives has no meaning. And telling him to post if he has a
_new_idea either.
Could we not think of an FPS (frequently proposed solutions) where each
defeated solutions would be listed and quickly
--On Monday, 13 January, 2003 17:23 +0100 jfcm [EMAIL PROTECTED]
wrote:
Dear John,
I am afraid that at this stage (e-mail + 40 or so years)
telling someone to read the archives has no meaning. And
telling him to post if he has a _new_idea either.
You are entitled to your opinion. I was only
* Could we not think of an FPS (frequently proposed solutions)
* where each defeated solutions would be listed and quickly
* discussed. There would be two good reasons:
*
* 1. to provide a true list of what has been proposed. It would
* save time to all and provide a good
--On Monday, 13 January, 2003 20:51 + Bob Braden
[EMAIL PROTECTED] wrote:
* Could we not think of an FPS (frequently proposed
solutions) * where each defeated solutions would be
listed and quickly * discussed. There would be two good
reasons:
*
* 1. to provide a true
On 21:06 13/01/03, John C Klensin said:
--On Monday, 13 January, 2003 17:23 +0100 jfcm [EMAIL PROTECTED]
wrote:
Dear John,
I am afraid that at this stage (e-mail + 40 or so years)
telling someone to read the archives has no meaning. And
telling him to post if he has a _new_idea either.
You
In that environment, anybody can get around what you're
proposing by setting up their own first hop mail server.
Or n hop mail server, for that matter.
Melinda
On Mon, 06 Jan 2003 18:08:44 EST, Doug said:
You can tell the difference between 1, 2, and 3 because they all have
a different DNS/IP footprint.
They do? Are you sure of this? I'll give you a hint - if you're outside
the two /16's of our network, and you get an inbound SMTP connection from us,
At 13:05 07/01/03, Lloyd Wood wrote:
Doug has rediscovered the idea of closing open mail relays to prevent
unauthorised use by outsiders sending to outsiders. This was a big
thing in the early 90s when email became popular.
Doug has also come up with the idea of adding the IP address of the
Hello Mr. Wood,
- Original Message -
From: Lloyd Wood [EMAIL PROTECTED]
To: Doug [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, January 07, 2003 7:05 AM
Subject: Re: namedroppers, continued
Doug has rediscovered the idea of closing open mail relays to
prevent
On Tue, 07 Jan 2003 13:33:28 EST, Doug said:
After examining the headers of many of the spam advertisments I get
and trying to contact the administrator of the network it came from I
find that it is usually futile because the network doesn't exist and
the IP information is incorrect. I also
On Tue, 07 Jan 2003 15:26:55 -0500, [EMAIL PROTECTED] wrote:
The trick here is to remember that except for the relative few spammers that
are advocating a religious/political/philosophical viewpoint (a la Uncertainty
Principle is Untenable!), the spammers *WANT* you to be able to contact them
via
]
Sent: Tuesday, January 07, 2003 1:33 PM
Subject: Re: namedroppers, continued
Hello Mr. Wood,
- Original Message -
From: Lloyd Wood [EMAIL PROTECTED]
To: Doug [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, January 07, 2003 7:05 AM
Subject: Re: namedroppers
--On mandag, januar 06, 2003 02:01:27 -0500 Doug [EMAIL PROTECTED]
wrote:
Your proposal would fix the problem, but end up tossing a large quantity
of babies out with the bathwater. The problem is that for the case of
a mailing list, you have *4* (at least) things to keep track of:
There are
On Mon, 06 Jan 2003 02:01:27 EST, Doug said:
There are many comercial email servers that require the people sending email
with their server to log into the server using a valid username and pass
before
doing so. I doubt they are losing any valid emails. All it does is to keep
unauthorized
PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, January 06, 2003 10:00 AM
Subject: Re: namedroppers, continued
--On mandag, januar 06, 2003 02:01:27 -0500 Doug
[EMAIL PROTECTED]
wrote:
Your proposal would fix the problem, but end up tossing a large
quantity
of babies out with the bathwater
On Mon, 06 Jan 2003 14:38:09 EST, Doug [EMAIL PROTECTED] said:
I believe the answer to your first question is you would send mail
using
your own mail server not someone else's. Although...I do see unique
issues
involved in people using mail servers that are not part of their
network
-
From: [EMAIL PROTECTED]
To: Doug [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, January 06, 2003 3:36 PM
Subject: Re: namedroppers, continued
I believe the answer to your first question is you would send mail
using
your own mail server not someone else's. Although...I do see unique
haven't caught up
with the list yet.
- Original Message -
From: Fred Baker [EMAIL PROTECTED]
To: Hallam-Baker, Phillip [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, December 06, 2002 4:41 PM
Subject: RE: namedroppers, continued
At 08:28 AM 12/2
On Mon, 06 Jan 2003 15:46:08 +1200, Franck Martin said:
Some people on the IETF as being technos lack people skills, that's why they
work with computers...
I usually explain it as We're talking here about a collection of people who
are paid vast sums of money for their ability to carry on
On Sun, 05 Jan 2003 19:04:41 EST, Doug said:
It seems to me if the mail server administrators would make the decision to
require people that send emails from their servers to log into a valid
Your proposal would fix the problem, but end up tossing a large quantity
of babies out with the
- Original Message -
From: [EMAIL PROTECTED]
To: Doug [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, January 06, 2003 1:23 AM
Subject: Re: namedroppers, continued
It seems to me if the mail server administrators would make the decision
to
require people that send emails from
Dave,
It's not all that unclear either. The really nasty spammers
use anonymity in at least two ways: to avoid filtering and to avoid
being billed for wasting our time, storage capacity, bandwidth and
other resources. Taking anonymity away from these people would be
the long overdue
I checked 39USC and 39CFR955 I guess the postal service maintains a list if
you want to not receive mailing for sexually oriented materials,
sweepstakes, and pandering solicitations. But that's about it. As far as the
USPS goes.
I have not yet tried filing a form 1500, but, if you believe the
On Tue, 10 Dec 2002 08:57:59 EST, Gray, Eric said:
On top of that, some spammers are actually breaking the law.
Gotten any South African my late died and left me ...
mail lately? Those people belong in jail...
Or this:
http://ars.userfriendly.org/cartoons/?id=20021209
(OK,
For those of you who are in the Boston area, the following
presentation might be of interest, given recent discussions about
methods of compating SPAM. It is hosted by the MIT Laboratory for
Computer Science's Applied Security Reading Group.
- Ted
Every domain would have to have a public key that the public could find.
Then every mailserver would have to check every message.
And spammers could still send spam, because they are authorized to send
email from some ISP, using that ISP's domain, and that ISP mailserver will
sign their email.
And how much before Randy was moderator?
I'm on other large, subscriber-restricted, public lists, where this isn't
a significant problem.
--Dean
On Fri, 6 Dec 2002, Hallam-Baker, Phillip wrote:
How much spam is going to namedroppers?
Well none since Randy Bush and a bunch
--On Friday, 06 December, 2002 16:22 -0700 Vernon Schryver
[EMAIL PROTECTED] wrote:
From: Marc Schneiders [EMAIL PROTECTED]
...
It might be easier to write a new protocol to succeed email,
instant messaging, mobile phones (something useful in itself)
with built-in abuse control from the
] [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 3:59 PM
To: Marc Schneiders
Cc: Fred Baker; Hallam-Baker, Phillip; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: namedroppers, continued
I'v been saying about need for more radical change in mail
protocol for
years now on mailing
Vernon Schryver wrote:
It's been years since it was possible to be amused by the number of
people who assume that spammers are more ignorant and less competent
than they are, and so propose spam solutions predicated on spammers
being unable to register as many names, keys, identities, or
Paul Vixie wrote:
- many ISPs won't let you forward or submit mail through someone
else's SMTP server, even if you have permission to do so. so you
can't forward your mail through your home ISP's mail server to
allow the mail from check to work.
in that case you'd be wise to not
This seems clever, however, it will also take significant computational
effort to verify the computational effort was actually done. Even if a
class of functions are found that are easier to verify than to compute,
they will no doubt still take up a significant fraction of time.
Also, all
This doesn't adequately describe backup relays. If uunet is providing an
alternate relay service, then all or any of uunet's relays might be
providing that service. So it would have to be able to recursively look up
uunets mail-from mx's, and the mail-from mx's of any subdomains listed by
uunet.
On Fri, 6 Dec 2002, Ayyasamy, Senthilkumarwrote:
If the proof of effort requires, say, 10 seconds to compute, then the
economics of sending spam are radically altered, as a single machine
can send only 8,000 messages per day.
Wouldn't something like this cause problems for (large/free)
To make them do all the work, and you do little to verify, you need a lot
of things done independently, so that a random sample can be selected that
is much smaller than the work they had to do. This will get bulky. The
less they send, the larger the fraction of work you have to do in relation
to
On Sun, 8 Dec 2002, Lloyd Wood wrote:
Sender pays is good. The penny black stamp effectively introduced a
flat-rate tax on sending letters, rather than a variable-rate tax on
receiving them, effectively turning mail into a common good available
to all society.
You assume this really means the
From: Stephen Sprunk [EMAIL PROTECTED]
...
The problem I've seen repeatedly, including in an off-list discussion I'm
having about this topic, is people confusing authentication with
authorization.
...
Yes, that's a good way of putting the problem, but only for those able
and willing to see
On Mon, 09 Dec 2002 11:52:26 CST, Stephen Sprunk [EMAIL PROTECTED] said:
The problem I've seen repeatedly, including in an off-list discussion I'm
having about this topic, is people confusing authentication with
authorization.
Authentication: Yes, you seem to be Jeffrey Dahlmer.
Thus spake [EMAIL PROTECTED]
Authentication: Yes, you seem to be Jeffrey Dahlmer.
Authorization: You say you'd like to borrow a steak knife?
Usually clears up the confusion in all but the most sluggish mind.. ;)
That's a very clear example, thanks.
However, authorization usually implies
At 16:53 -0500 12/9/02, [EMAIL PROTECTED] wrote:
However, authorization usually implies authentication beforehand.
Does anybody have a reference on an authorization scheme that
doesn't imply any authentication?
World readable files.
--
]
To: Bill Cunningham [EMAIL PROTECTED]
Sent: Monday, December 09, 2002 12:56 PM
Subject: Re: namedroppers, continued
Can you tell me where to get this form? When I spoke to the USPS, they
said
they're legally obligated to deliver all junk mail addressed to me,
regardless of whether I want it.
Now
Does anybody have a reference on an authorization scheme that
doesn't imply any authentication?
You will deliver the satchel to the one who presents the matching
half of this hundred-euro note.
On Mon, 09 Dec 2002 17:47:58 EST, Edward Lewis said:
Does anybody have a reference on an authorization scheme that
doesn't imply any authentication?
World readable files.
We know how to do that already ;)
I was thinking more along the lines of a zero-knowledge proof or
something like that
--On Monday, 09 December, 2002 16:17 -0600 Stephen Sprunk
[EMAIL PROTECTED] wrote:
Thus spake [EMAIL PROTECTED]
Authentication: Yes, you seem to be Jeffrey Dahlmer.
Authorization: You say you'd like to borrow a steak knife?
Usually clears up the confusion in all but the most sluggish
[EMAIL PROTECTED] wrote:
Does anybody have a reference on an authorization scheme that
doesn't imply any authentication?
From:-line based email filters.
-- Cos (Ofer Inbar) -- [EMAIL PROTECTED] http://cos.polyamory.org/
-- WBRS (100.1 FM) -- [EMAIL PROTECTED]
Stephen,
Monday, December 9, 2002, 9:52:26 AM, you wrote:
Stephen The devil is in determining what senders are authorized once we've
Stephen authenticated them.
The concept of being authorized to send someone mail has good logic, but
goes against established human communication practises for
Blinded coins a la digicash
http://www.law.miami.edu/~froomkin/articles/oceanno.htm#xtocid583124
On Mon, 9 Dec 2002 [EMAIL PROTECTED] wrote:
On Mon, 09 Dec 2002 17:47:58 EST, Edward Lewis said:
Does anybody have a reference on an authorization scheme that
doesn't imply any
--On Monday, 09 December, 2002 17:49 -0500 Bill Cunningham
[EMAIL PROTECTED] wrote:
I haven't personally tried myself to opt out. But I've read
they have the form. If they told you they don't have a form to
sort out junk mail for you I'd say they were full out it. I'd
call the Postmaster
- Original Message -
From: John C Klensin [EMAIL PROTECTED]
To: Bill Cunningham [EMAIL PROTECTED]
Cc: Stephen Sprunk [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, December 09, 2002 9:16 PM
Subject: Re: namedroppers, continued
--On Monday, 09 December, 2002 17:49 -0500 Bill
On Fri, 06 Dec 2002 16:48:46 CST, Ayyasamy, Senthilkumar (UMKC-Student) said:
If the proof of effort requires, say, 10 seconds to compute, then the
economics of sending spam are radically altered, as a single machine
can send only 8,000 messages per day.
Those of us who run mail servers that
From: [EMAIL PROTECTED]
...
Possibly what is needed is a hybrid approach:
1) If you're a big mail server, you can probably prevail on your DNS
admins to list you in whatever DNS-based verification system (in our entire
2 /16s of address space, there are less than 10 boxes that would have a
08, 2002 5:29 PM
Subject: RE: namedroppers, continued
On Fri, 6 Dec 2002, Ayyasamy, Senthilkumar (UMKC-Student) wrote:
If I don't know you, and you want your e-mail to appear in my
inbox, then you must attach to your message an easily verified
proof of computational effort, just
From: [EMAIL PROTECTED]
...
The bootstrap problem will exist no matter what scheme we decide on.
There are many spam solutions that do not have the bootstrapping
problem. Examples include effective laws and honest intent and action
by ISPs. Before saying those are hopeless, please note that
: Re: namedroppers, continued
From: [EMAIL PROTECTED]
...
The bootstrap problem will exist no matter what scheme we decide on.
There are many spam solutions that do not have the bootstrapping
problem. Examples include effective laws and honest intent and action
by ISPs. Before saying
On Mon, 09 Dec 2002 03:14:43 GMT, Lloyd Wood said:
The act of subscribing to a list indicates that you know the list, and
you're less likely to reject mail from people you don't know that
comes or also comes via the list, since you're interested in reading
that list -- unless the list is a
On Mon, 09 Dec 2002 00:47:45 EST, Bill Cunningham [EMAIL PROTECTED] said:
How about passing a law that makes eveyone install a BIOS patch to block out
spam. ;-)
There exist systems that don't have a BIOS. ;)
(Making this reply mostly because there's been serious DRM proposals
that have this
[EMAIL PROTECTED] (Keith Moore) writes:
I've had a look at vixies proposal and it's a good one. I certainly would
welcome something like the mailfrom dns record.
actually I'd call it a nonstarter in its current form. given that
- mail from is used for nondelivery reports and other
[EMAIL PROTECTED] writes:
actually I'd call it a nonstarter in its current form.
I would have to agree.
...
In addition to these valid concerns I'd add that various sorts of
autoforwarding exist that don't change the MAIL FROM. These would also
tend to break if such a scheme were
- nomadic users have valid reasons to post from random places on the net
(including multiple ISPs) and keep the same mail from address.
then, i'm sorry that i'm such a poor writer. i tried to cover this case:
3.3. Roaming hosts such as laptop computers will probably not be able to
- many ISPs won't let you forward or submit mail through someone else's
SMTP server, even if you have permission to do so. so you can't
forward your mail through your home ISP's mail server to allow the
mail from check to work.
in that case you'd be wise to not insert a
In message [EMAIL PROTECTED], Dean An
derson writes:
This seems clever, however, it will also take significant computational
effort to verify the computational effort was actually done. Even if a
class of functions are found that are easier to verify than to compute,
they will no doubt still take
i am reminded by this thread that the most powerful force on the internet
continues to be a single voice saying that something cannot be done.
well, I've certainly seen it happen. (though I think the most
powerful force on the internet is large numbers of voices insisting
that something be
To: Hallam-Baker, Phillip
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: namedroppers, continued
Hallam-Baker, Phillip wrote:
The only way to resolve this issue properly would be to
require every
submission to an IETF mailing list to be cryptographically signed
From: D. J. Bernstein [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: namedroppers, continued
...
Okay, Bush: Put [EMAIL PROTECTED] on the list of addresses from which
submissions are automatically accepted.
sorry bernstein. as
How much spam is going to namedroppers?
I haven't seen any. So, don't you think this has gone a little of the deep
end?
--Dean
On Fri, 6 Dec 2002, Hallam-Baker, Phillip wrote:
One of the main reasons why anti-spam measures are failing is that the
spam-artists are fraudulently
Hi -
Message-Id: [EMAIL PROTECTED]
Date: Fri, 06 Dec 2002 13:41:52 -0800
To: Hallam-Baker, Phillip [EMAIL PROTECTED]
From: Fred Baker [EMAIL PROTECTED]
Subject: RE: namedroppers, continued
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
In-Reply-To: [EMAIL PROTECTED]
.com
At 08:28 AM 12/2/2002 -0800, Hallam-Baker, Phillip wrote:
The only way to resolve this issue properly would be to require every
submission to an IETF mailing list to be cryptographically signed (PGP
or S/MIME), to require the subscribers to register their signing key and
to then filter the mail
In message [EMAIL PROTECTED], Fred Bake
r writes:
At 08:28 AM 12/2/2002 -0800, Hallam-Baker, Phillip wrote:
The only way to resolve this issue properly would be to require every
submission to an IETF mailing list to be cryptographically signed (PGP
or S/MIME), to require the subscribers to
On Fri, 6 Dec 2002, at 13:41 [=GMT-0800], Fred Baker wrote:
I think it was Steve Bellovin that suggested a procedure for reducing the
utility of spoofing source addresses in emails; if not, it was me and I
happened to suggest something his favorite algorithm fit into, by having a
host in each
Too bad nobody has ever thought of it
before; we could really use the outcome
of that research
while researchers has not thought about global
PKI, their are research which focus on spam
elimination.
this is the work all about (yesterday's seminar in a MIT group)
If I don't know you, and
From: Fred Baker [EMAIL PROTECTED]
... I think that boils down to provide a global PKI in this solution,
and presumes that spammers are incapable of using one. That might be a
great research topic. Too bad nobody has ever thought of it before; we
could really use the outcome of that
From: Marc Schneiders [EMAIL PROTECTED]
...
It might be easier to write a new protocol to succeed email, instant
messaging, mobile phones (something useful in itself) with built-in
abuse control from the start.
That's another stupid crackpot spam solution that just won't go away.
You
On Fri, 06 Dec 2002 14:34:14 PST, Hallam-Baker, Phillip said:
The problem here is that having Randy Bush moderate is
not a scalable solution to the problems of Spam in general.
We could clone him, but that's probably not scalable either
msg09660/pgp0.pgp
Description: PGP signature
I'v been saying about need for more radical change in mail protocol for
years now on mailing lists. I'd rather work on smtp itself, but some
people who were involved in original protocol do not want any serious
changes to what they'v done, though its clear that abuse and other holes
with
This is note quite right. While its impossible to built open system that
would prevent all abuse, you can first of all built system that would
provide good verification of who sender is and you can do a lot to make it
difficult to send thousands of same emails or at least make it easy to
On Fri, 6 Dec 2002 [EMAIL PROTECTED] wrote:
proposal of mailfrom dns record - http://www.vix.com/~vixie/mailfrom.txt or
I've had a look at vixies proposal and it's a good one. I certainly would
welcome something like the mailfrom dns record.
regards
joe baptista
it's difficult to imagine a mailing list for which this thread is on-topic.
I think it was Steve Bellovin that suggested a procedure for reducing the
utility of spoofing source addresses in emails; if not, it was me and I
happened to suggest something his favorite algorithm fit into, by having
proposal of mailfrom dns record - http://www.vix.com/~vixie/mailfrom.txt or
I've had a look at vixies proposal and it's a good one. I certainly would
welcome something like the mailfrom dns record.
actually I'd call it a nonstarter in its current form.
I would have to agree.
given
OK.. Almost plausible. However note that currently, the PGP
web-of-trust
covers only a small percentage of the subscribers to the IETF
list, and
there's no *really* good PKI for S/MIME yet (hint - we don't
seem to even
understand how to apply 'basicConstraints', so if you think
we're
The fact that OCSP scales fine for revocation checking
doesn't mean that
you have a system that scales fine for the *TOTAL PROCESS*.
Stop blustering, you clearly did not know the difference between
a CRL and OCSP and certainly have no real world experience of
operating PKI on which to base
On Tue, 03 Dec 2002 08:21:22 PST, you said:
Stop blustering, you clearly did not know the difference between
a CRL and OCSP and certainly have no real world experience of
operating PKI on which to base your broad assertions.
I said total process. The process failure described in the CERT
.
Phill
-Original Message-
From: Pekka Savola [mailto:[EMAIL PROTECTED]]
Sent: Saturday, November 30, 2002 8:00 AM
To: D. J. Bernstein
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: namedroppers, continued
[ post by non-subscriber. with the massive amount
Hallam-Baker, Phillip wrote:
The only way to resolve this issue properly would be to require every
submission to an IETF mailing list to be cryptographically signed
[and] to require the subscribers to register their signing key
And how do we prevent spammers from registering their signing key?
: Monday, December 02, 2002 1:43 PM
To: Hallam-Baker, Phillip
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: namedroppers, continued
Hallam-Baker, Phillip wrote:
The only way to resolve this issue properly would be to
require every
submission to an IETF mailing
On Mon, 02 Dec 2002 08:28:57 PST, Hallam-Baker, Phillip said:
The only way to resolve this issue properly would be to require every
submission to an IETF mailing list to be cryptographically signed (PGP
or S/MIME), to require the subscribers to register their signing key and
to then filter
On Mon, 02 Dec 2002 11:12:36 PST, Hallam-Baker, Phillip said:
First, consider the effect of a minor authentication requirement on
certificate issue, the ability to read email sent to the address
specified in the certificate. Using that technique we could eliminate
spams with bogus addresses
On Mon, 02 Dec 2002 14:33:16 PST, Hallam-Baker, Phillip said:
If the spammer wants to perform custom operations for each
constituency they want to spam.
No - you need a single custom cert/identity for each spamming run of several
million. Unless you were *really* intending to cross-check
On Mon, 02 Dec 2002 14:33:16 PST, Hallam-Baker, Phillip said:
OCSP scales fine for revocation checking. We can use the same
platform that currently serves 6 billion DNS queries a day.
The fact that OCSP scales fine for revocation checking doesn't mean that
you have a system that scales fine
On 29 Nov 2002, D. J. Bernstein wrote:
Keith claims that allowing ``contributions from outsiders'' requires
delay and manual review. That claim is absurd. Immediately bounce the
message to the ``outsider,'' with instructions explaining how to have
the message sent to subscribers; end of
D. J. Bernstein wrote:
Bush stuck the following note into the top of my latest message to
namedroppers:
...
You're perfectly aware
that many senders don't read messages to the list.
...
Yet - you must be reading the list or you would not have seen it.
Please cry elsewhere.
--
Doug Royer
Keith claims that allowing ``contributions from outsiders'' requires
delay and manual review. That claim is absurd. Immediately bounce the
message to the ``outsider,'' with instructions explaining how to have
the message sent to subscribers; end of problem.
---D. J. Bernstein, Associate
Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of D.
J. Bernstein
Sent: Friday, November 29, 2002 3:22 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: namedroppers, continued
Keith claims that allowing ``contributions from outsiders
Keith claims that allowing ``contributions from outsiders'' requires
delay and manual review. That claim is absurd. Immediately bounce the
message to the ``outsider,'' with instructions explaining how to have
the message sent to subscribers; end of problem.
Well, as long as the method for
100 matches
Mail list logo