[linux-elitists] AOL says goodbye to AT&T/Comcast and residential mail spools

Martin Pool mbp@samba.org
Sun Apr 13 21:48:50 PDT 2003


On 14 Apr 2003, Aaron Sherman <ajs@ajs.com> wrote:

> My vote is we blacklist the bastards that try to break the net like this
> for now,

So don't send mail to them.

> and then implement a system of identity, trust and
> responsibility. We already have two ways built into the protocols to
> do this: IP address and key exchange (via TLS). Let's start tracking
> that info and building a web of trust. We can replace blacklists
> with trustlists that have a score (127.x.y.z where x is your trust
> value, y is your spam value and z is your protocol-failure
> value). Everyone who wants can run one, and you can even build
> meta-trust databases that just pool others with weighting.

Why does that perform any better than existing blacklist systems?  Are
you proposing to trust or mistrust keys, rather than IP addresses?

Are you going to trust unknown keys?  Presumably so, or people will be
shut out forever.  But then spammers can just generate a new key for
every spam.

Perhaps you could require people to lodge a financial bond to get a
key signed, which can be revoked if they send spam.  

In fact, this is similar to the situation with blacklisting of ISPs.
Big ISPs have something to lose: specifically, their investment will
become less useful if they're blacklisted and (eventually) lose
customers.  Spammers who just ordered a dialup account have
essentially nothing to lose, they can just open a new one when their
account is closed.

Anyhow, a bond that's an acceptable cost of doing business for a
western spammer might be prohibitive to a developing-country ISP.  And
how are you going to decide when the bond should be revoked?
 
> That should be easy enough to write and then hack into the major
> mailers....

Off you go then.

-- 
Martin 



More information about the linux-elitists mailing list