[linux-elitists] On spam, stamps, and hygiene

Karsten M. Self kmself@ix.netcom.com
Fri Feb 6 20:35:41 PST 2004


on Fri, Feb 06, 2004 at 11:37:59PM +0100, Eugen Leitl (eugen@leitl.org) wrote:
> On Fri, Feb 06, 2004 at 01:36:06PM -0800, Mister Bad wrote:
> 
> > So, I find it wondersome that so few of these media discussions
> > bring up the issue of digital signatures. Signed mail is not forged
> > mail. Signed mail
> 
> Which: inline'd, or maimed? Latter will be stripped, cause much
> anguish among >60% of MUA base, or outright bounced or rejected.

...which is why there is a (draft) RFC standard detailing how GPG/PGP
MIME attachments should be handled.

The 60% crowd _does_ have PGP support options available to them, as well
as the less useful and transparent SMIME standard.


> > does not break SMTP, MIME, or other standards. Signed mail does not
> > require a central authority to authenticate mail. Signed mail is
> > better.
> 
> Chugging out certs by the metric shitload is cheap; so is setting up
> faux trust networks. Trust is just an integer. It's only good if it's
> close to node that are you. But that's highly nontrivial to deploy
> blanketly, in a world that even can't handle plain signatures right.

For many users, most mail is from known correspondents.  Signed mail
with known trusted signatures is useful.  A signature of and by itself
_isn't_ particularly useful -- it's just a large integer, and these are
cheap, as Eugen states.

Trust relationships can be useful though.  I found the trust web between
myself and a correspondent in Australia is only three nodes deep, with
multiple paths between us (in both directions).  In a world in which PKI
is more widely used, either ad hoc or intentional certificate
authorities can help this issue.  E.g.:  your employer might serve as a
certifying authority, which, for suitably large values of employer (and
trusted...) would make for a relatively useful signature.

This gets to one side of the problem with spam:  spoofing senders, and
trusting content.  It doesn't really do much to address the sheer
_volume_ of the crap.  Not to say that PKI isn't useful, it's just not a
complete answer.

Keeping tabs on who's running blatantly abusive networks is a big part
of this.  If I haven't posted these already, the two links below show
the amount of spam I'm receiving by ASN (autonomous system number), and
cumulative spam.  Data are Jan 15 - Jan 31, 2004.  The top 100 of ~480
ASNs are shown.

    Spam volume by ASN, top 100 contributing ASNs
    http://linuxmafia.com/~karsten/Images/spam-by-asn.png

    Cumulative spam volume by ASN, top 100 contributing ASNs
    http://linuxmafia.com/~karsten/Images/cum-spam-by-asn.png

What's significant:  a small number of badly managed networks contribute
overwhelmingly to spam volumes.

IP => ASN mapping:  http://www.routeviews.org/

   host -t txt <reversed IP>.asn.routeviews.org


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
     Dean
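
An added example, not part of the original post: a sketch of the per-ASN tally the message describes, using the reversed-IP lookup name shown in the post's `host` command. The TXT answer layout (`"ASN" "prefix" "length"`), all function names, and the sample addresses and ASNs (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress
import re
import subprocess
from collections import Counter

ZONE = "asn.routeviews.org"  # zone named in the post

def query_name(ip):
    """Reverse the IPv4 octets and append the zone, as in the post's host command."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + ZONE

def parse_asn(answer):
    """Return the ASN from TXT output, assuming the layout "ASN" "prefix" "length"."""
    fields = re.findall(r'"([^"]*)"', answer)
    return fields[0] if fields and fields[0].isdigit() else "unknown"

def host_lookup(name):
    """Live lookup with host(1); needs network access."""
    return subprocess.run(["host", "-t", "txt", name],
                          capture_output=True, text=True).stdout

def spam_by_asn(ips, lookup=host_lookup):
    """Count messages per originating ASN."""
    return Counter(parse_asn(lookup(query_name(ip))) for ip in ips)

def cumulative(counts, top=100):
    """Rows of (asn, messages, cumulative share of all spam), largest first."""
    total, running, rows = sum(counts.values()), 0, []
    for asn, n in counts.most_common(top):
        running += n
        rows.append((asn, n, running / total))
    return rows

# Constructed sample: documentation prefixes (RFC 5737) and ASNs (RFC 5398).
SAMPLE_NETS = {"2.0.192": "64496", "100.51.198": "64497", "113.0.203": "64498"}
SAMPLE_IPS = (["192.0.2.%d" % i for i in range(1, 7)]
              + ["198.51.100.%d" % i for i in range(1, 4)] + ["203.0.113.9"])

def sample_lookup(name):
    """Offline stand-in for host_lookup that answers from SAMPLE_NETS."""
    asn = SAMPLE_NETS.get(".".join(name.split(".")[1:4]))
    if asn is None:
        return "Host %s not found: 3(NXDOMAIN)" % name
    return '%s descriptive text "%s" "prefix" "24"' % (name, asn)

if __name__ == "__main__":
    for asn, n, share in cumulative(spam_by_asn(SAMPLE_IPS, sample_lookup)):
        print("AS%-6s %3d msgs  %5.1f%% cumulative" % (asn, n, share * 100))
```

Passing the default `host_lookup` instead of `sample_lookup` runs the same tally against live DNS for sender IPs extracted from a mail log.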