 |
 | tugrul
join:2000-11-23
Forest Hills, NY
| Sender Permitted From (SMTP+SPF) AOL is already onboard testing SPF, as noted in the news section on the project's front page, discussed on slashdot and verified by dig as I post:
aol.com. 300 IN TXT "v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/24 ip4:205.188.157.0/24 ip4:205.188.159.0/24 ip4:64.12.136.0/24 ip4:64.12.137.0/24 ip4:64.12.138.0/24 ptr:mx.aol.com ?all" | |
|
|
| 
mod bait
Premium
join:2001-06-11
Rochester, NY
| Re: At least they're making an attempt at curbing spam That doesn't make sense. One can look at a problem, look at a proposed solution to the problem, and know that the proposed solution is not viable, even in lieu of another proposed solution. If you have a gaping abdominal wound, and someone says "CUT OFF HIS LEGS!", I can pretty confidently recommend against doing that, even if I don't know what else to do. | |
|
|
| vlovich
join:2001-12-08 | Re: How about domain keys with serial numbers Then there goes your ability to send an anonymous email. And what about email services that aren't provided by the ISP? And what stops you from using a proxy when sending emails? | |
|
| | 
TheMadSwede
Premium
join:2001-01-30
Holland, MI
 ·Charter Pipeline
| Re: How about domain keys with serial numbers said by vlovich  :
Then there goes your ability to send an anonymous email. And what about email services that aren't provided by the ISP? And what stops you from using a proxy when sending emails?
I'm asking this rhetorically, and less from a technical perspective than a practical one. Why does anyone need to send anonymous email?
--
Hey - there's this thing called spell check... | |
|
medfly
join:2003-05-15
Windsor, CO
| yahoo spams themselves yahoo does spam runs from a series of servers named mailer(some number).bulk.scd.yahoo.com
I run my own mail server, and host family and friends's accounts on it. Despited repeated nasty grams from me (the post master) telling yahoo spam isnt accepted period on my server (my 220 banner also states my policies), the spam kept coming. Fortunately a quick and heavy handed use of iptables on their spam er bulk servers fixed the problem permanently. | |
|
Sarick
It's Only Logical
Premium
join:2003-06-03
USA
 ·FrontierNet Intern..
| It could work if done right. We have DNS servers that work right.
These things update every 10 minutes or less..
The domain keys could be done in the same manner. One companies creates the keys on a daily basis allowing each domain up to 3 keys. Simply allow access to aging keys and push out the old keys as time passes. Since the keys change on a day by day base it would be hard to forge them if the keys are maintained by a single domain server.
In this manner if someone hacks a key they will only have 3 days to use the key before it no longer works. This 128bit key would be hard to crack day by day and would cost more money to spam than most spammers can handle. After the oldest key ages out all servers should have been caught up on the new authentication keys. This would help insure that the domain sending the key owns a new code about the same time the spammers has hacked it. Even then a central server could handle these much like the DNS servers are handled today.
--
Sarick's Dungeon Clipart Page
Trouble spelling? www.iespell.com | |
|
yabos
join:2003-02-16
Ingersoll, ON | Domain keys would work The key used to sign the message is private, and the signature is dependant on the entire content of the email message. If the spammers find a key, it will still be rejected because the decryption via the public key wouldn't match the signature. | |
|
| 
flw
Security Is Like An Onion, It Has Layers
Premium
join:2004-01-04 | Re: Domain keys would work I don't really care who takes the spammers on or with what methods, but someone must start to do something before general public email becomes a waste heap that people just ignore and stop using.
Doing something is better than doing nothing. | |
|
| |
Sarick
It's Only Logical
Premium
join:2003-06-03
USA
·FrontierNet Intern..
| Re: Domain keys would work said by flw :
I don't really care who takes the spammers on or with what methods, but someone must start to do something before general public email becomes a waste heap that people just ignore and stop using.
Doing something is better than doing nothing.
I couldn't agree more. people need to get off their rears and solve this spam problem.
--
Sarick's Dungeon Clipart Page
Trouble spelling? www.iespell.com | |
|
| | | |
| | | | russotto
join:2000-10-05
Collegeville, PA | Re: Domain keys would work The reason people crap on a lot of these ideas is that they have really nasty side effects. Destroying the net in order to save it is NOT a good idea. | |
|
| | | |
| | | | 
CSource
@adelphia.net | Re: Domain keys would work The source should be closed.
There is no reason for the general public to see the source code. All we need is the end result. | |
|
iwantbw
join:2003-12-30
Cotati, CA
| creating the "charge for email" infrastructure.. This will probably do little for reducing spam worldwide, but it will set up for creating barriers for access to the email boxes of customers of large isps.
Pay our buddies at Verisign some $$ for a cert if you want to send mail to yahoo boxes - this won't stop spammers.
The next step will be:
We have tracked the number of emails received at Yahoo! mailboxes this month via your "authenticated" key, please find the invoice below. Remember you can pay with YahooFastPay(tm). If someone has hijacked your Yahoo!DomainKey(tm), please go to »good.luck/gettingthisworkedout.html
No thanks, there are plenty of useful mailing lists, email newsletters, etc that would not be viable if there was a charge for sending email.
When trying to find solutions to the spam problem, I use the following criteria as a starting point:
I want a system that:
•reduces spam.
•preserves the option of anonymity and privacy
people easily forget that not everyone or every situation allows people to express their views without fear of retribution.
•does not require good citizen to "show their papers" in order to access resources on the internet.
•does not create great administrative or machine resource loads.
•does not support censorship without due process (like BLs).
•Puts the control over what they want to receive in the hands of the users, not the sys admins or giant isps.
•does not put control in the hands of a single or a few companies or government agencies.
•minimizes impact on delivery of legit emails.
There are techniques and software that are making major inroads against spam and viruses - the most visible are bayesian filters for servers and clients. Though extremely successful, these tools put the resource burden on the recipients, thus they have reduced the amount of spam read but not the amount of spam sent.
But there are some very interesting projects that, even if only moderately widely deployed will deal more serious blows to spam delivery.The key is to not give all incoming email connections free access to all the bandwidth/resources they want. The key to having software that adds this capability widely deployed are low resource usage and low or zero administrative overhead.
The below projects achieve many of these goals.
Applying QoS and other ideas to receipt of email will hit spammers where it hurts them the most - the ability to rapidly deliver 1,000's of msgs per minute. As far as I can tell , this is the _only_ thing that would hurt them without the "collateral damage" of other methods.
Here is one example of intelligent,adaptable QoS for MTA's:
»spamthrottle.qmail.ca/
No draconian measures needed. One project rejected a phenomenal percentage of spam, by just tracking the from IP, from email adr and to email adr - if that combination of data had never been seen before, the mail server said "Please try later" (something that MTA's [mail servers] expect and are programmed to handle). This system added near zero load on the receiving system but 97%+ of the rejected mail was never re-attempted.
»projects.puremagic.com/greylisting/
»dumbo.pobox.com/spam-sensor/
Low cost (machine resource cost) virus scanner:
»mailtools.anomy.net/sanitizer.ht···it-qmail
Projects that will substantially slow the spread of viruses that do not vector via email:
(again at extremely low machine resource costs)
»www.hackbusters.net/
»www.hackbusters.net/AAWP.pdf [research paper studying rate of virus infection with/without LaBrea-style active defense mechanisms]
»www.citi.umich.edu/u/provos/honeyd/
So it is not that "nothing" is being done (as some have implied on these forums), things are being done - some need visibility - others promising areas of research are being suppressed by the super-DMCA style laws (as the two projects above are).
Proliferation of projects that cause spam bots and viruses to spend unproductive time talking to a connection will tip the balance of spam economics and cause spam and viruses to move too slowly through the internet to be profitable (or satisfying to virus makers). And this can be done without undue costs or burdens on legitimate internet uses. | |
|
ParanoiaInc
join:2002-08-28
Tucker, GA | Many communication alternatives to email It doesn't take anyone much effort to setup a free discussion forum that uses registered accounts on a PHP platform. I've often considered this. And if I want to really get snippy, I could close the SMTP/POP ports and filter based on friend's MAC's. | |
|
| ParanoiaInc
join:2002-08-28
Tucker, GA | Re: Many communication alternatives to email Also, what is the beef with have an email account that can be traced? Anonymous mail only serves to promote deception.
And what is to keep anonymous email providers from routing for you so that it looks like it comes from them and not you? | |
|
delugg
join:2002-01-30
New York, NY
|  Too Complicated?
But we all seem to agree. Something needs to be done before junk email ruins one of the Internet's most basic uses.
- mike
--
Most people are about as happy as they make up their minds to be. -Abraham Lincoln (1809 - 1865) | |
|
|
|
|
Debating Domain Keys
At least they're making an attempt at curbing spam
·