[linux-elitists] Re: MCI boots send-safe (Register) -- adds a net of 11 more spam hosts

Aaron Sherman ajs@ajs.com
Thu Mar 3 09:05:48 PST 2005


On Wed, 2005-03-02 at 23:52, Karsten M. Self wrote:
> on Wed, Mar 02, 2005 at 06:16:38PM -0500, Aaron Sherman (ajs@ajs.com) wrote:

> > Ok, I won't speak for Nick, but here's why I get all flustered about
> > this kind of thing: I have this nervous tic that forces me to imagine
> > how every "victory" in the war against X (drugs, spam, terrorism, you
> > name it) will, in turn, be used against me in future.
> 
[...]
> I believe in a _balance_ of powers, a weighting on _merits_, and an
> avoidance of _extremes_.  Large low-entropy pools are inherently
> dangerous.

Interesting. I would not have thought to phrase it that way, but it's a
fair point.

> There's a lot of stuff out there that _can_ be used to do bad.  There's
> also stuff that's pretty much _exclusively_ used for same, marketed as
> same, and, in the process, does extensive harm to large numbers of
> people.  More particulars are spelled out at Send-Safe's Spamhaus pages,
> I'm not going to read them back here.
> 
> _Those_ are the particulars of _this_ case.

Yep, and I'm glad they've been booted, and I was over-reacting as a
result of a mis-reading. However, I defend the reaction in that, had the
root servers (or some subset) taken such unilateral action, I think it
would have been wildly inappropriate and would have set a frightening
precedent.

I know you may have come away from the previous discussion with the
sense that I have a desire to defend send-safe, but I assure you that
nothing could be farther from the truth. My feeling on the MCI policy
issue is that, worst-case, they should have amended their rules,
refunded send-safe's money and terminated the contract long ago.

I do want to point out, though, that this means financial hardship for
MCI, which implies that some other company is going to be able to step
in to this market and make money by supporting the send-safes of the
world... get ready for the next phase of spam growth: the large,
international corporation that owns several ISPs and is entirely willing
to mix large pools of legitimate users, servers and networks in with
their spam services. You're going to NEED a real reputation system
sometime soon, or spam WILL become even more unmanageable than it is
today.

> Answering your question:  there's too fast to act, and there's too slow.

Fair enough.

> > What if the complaints start originating from the MPAA or the US
> > government or the IMF or spammers?
> 
> I don't particularly care where a complaint originates from.  I _do_
> care that the complaint is legitimate and valid.

Also fair. I wonder though who writes the spec on those two terms?

> > We're forcing them to evolve or die... what happens when that
> > evolution involves buying a very large ISP? Do we shut off half the
> > world or come up with a better plan?
> 
> Do you connect your sewer mains to your spigots or your drains, Aaron?
> That's really a no-brainer.

> So yes:  if a large portion of the Net turns black, well, it turns black
> more ways than one.

Your points about ASN/CIDR identification are good, but this last
statement bothers me. Plus, IPs are a poor metric. As we all know they
are ephemeral.

We *NEED* a reputation system that's based on strong encryption. We have
all of the tools (SMTP/TLS + CAs + DNS), we just need a single protocol
that at least a few large players agree to use that connects them. Once
that's in place, we could END spam. Sure, there would be trade in stolen
keys, but a decent system would adapt (via the same mechanisms as
DNSBLs) and repair quickly enough that using a key would result in a
return on investment insufficient to warrant the effort in stealing it.

New players who want to establish a rep would have to be "introduced" or
suffer most of their mail being black-holed until a sufficient
reputation had been established (perhaps years), but let's face it: if
you're deploying your own mail server then one of the following is going
to be true:

      * Your up-stream ISP approves and will vouch for you as a customer
        who is under certain contractual obligations (not a guarantee of
        validity, but a starting point)
      * You know someone who trusts you and is willing to sign your key
        (risking their own reputation).
      * You are sending to a fair number of specific individuals who
        will white-list you, slowly building your reputation.

Built properly, such a system would account for differing "opinions"
(e.g. many small businessmen in Russia seem to trust each other, even
though the rest of the world thinks they're evil... that's fine, they
have their view, we have ours). This is easily accomplished by doing
roughly what DNSBLs do: centering each origin of trust on a domain name,
and allowing any domain name to originate a new root of trust at any
time.

Nice things about this system are: the SPF problem goes away. You don't
care who initially started the chain, only who delivered it to your
front door. They have the power to vouch for bad-guys, but it will nuke
their rep. Your own relays would have a level of trust that puts your
central delivery host into a slave mode, so no reputation updates would
be performed (preventing your central MTA from harming your relay's
reputation when it passes you spam, and also reducing overhead).

This might be rocket science, but it's not HARD rocket science.

-- 
☎ 781-324-3772
✉ ajs@ajs.com
http://www.ajs.com/~ajs
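
A small model of the reputation scheme sketched in the message above, added here as an illustration; it is not code from the poster or from any deployed system. The class name, key ids, domains and point values are all assumptions: each trust root scores the key that delivered the mail, an introducer lends standing, a spam report costs both the sender and its voucher, and a root's own relays are never re-scored.

```python
from dataclasses import dataclass, field
ACCEPT_AT = 10  # assumed threshold: below this, mail is black-holed

@dataclass
class TrustRoot:
    """One domain's opinion of delivering hosts, keyed by the key that handed us the mail."""
    domain: str
    scores: dict = field(default_factory=dict)    # key id -> integer reputation
    vouchers: dict = field(default_factory=dict)  # key id -> keys that introduced it
    own_relays: set = field(default_factory=set)  # internal hops, never re-scored

    def vouch(self, voucher, newcomer, stake=10):
        # An introducer can lend no more standing than it holds with this root.
        lent = min(stake, max(self.scores.get(voucher, 0), 0))
        self.scores[newcomer] = self.scores.get(newcomer, 0) + lent
        self.vouchers.setdefault(newcomer, set()).add(voucher)

    def whitelist(self, key, step=1):
        # A recipient white-lists the sender: reputation builds slowly.
        self.scores[key] = self.scores.get(key, 0) + step

    def report_spam(self, key, penalty=10):
        if key in self.own_relays:
            return  # our relay passed it along; no reputation update
        self.scores[key] = self.scores.get(key, 0) - penalty
        for v in self.vouchers.get(key, ()):  # vouching for a bad actor costs the voucher
            self.scores[v] = self.scores.get(v, 0) - penalty // 2

    def accepts(self, key):
        return key in self.own_relays or self.scores.get(key, 0) >= ACCEPT_AT

def demo():
    # Constructed key ids and domains; two roots hold independent opinions.
    a = TrustRoot("a.example", scores={"isp-key": 50}, own_relays={"relay-key"})
    b = TrustRoot("b.example")          # has never heard of the ISP
    out = {}
    a.vouch("isp-key", "new-mta-key")
    b.vouch("isp-key", "new-mta-key")   # lends nothing: the voucher is unknown here
    out["a_after_vouch"] = a.accepts("new-mta-key")
    out["b_after_vouch"] = b.accepts("new-mta-key")
    for _ in range(10):
        b.whitelist("new-mta-key")      # slow path: individual white-listing
    out["b_after_whitelists"] = b.accepts("new-mta-key")
    a.report_spam("new-mta-key")
    out["a_after_spam"] = a.accepts("new-mta-key")
    out["isp_score"] = a.scores["isp-key"]
    a.report_spam("relay-key")
    out["relay_still_ok"] = a.accepts("relay-key") and "relay-key" not in a.scores
    return out
```

Calling `demo()` returns the accept/reject decision at each step, showing that the same newcomer is accepted by the root that knows its ISP and black-holed by the one that does not until recipients white-list it.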



