North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Clueless service restrictions (was RE: Anti-spam System Idea)

  • From: Steven M. Bellovin
  • Date: Tue Feb 17 17:31:15 2004

In message <[email protected][192.168.100.25]>, Alex Bligh writes:

>b) The real problem here is that there are TWO problems which interact.
>   It is a specific case of the following general problem:
>   * A desire for any to any end to end connectivity using the
>     protocol concerned => filter free internet
>   * No authentication scheme
>
>Applying filters based on IP address & protocol (whether it's by filtering
>or RBL) is in effect attempting to do authentication by IP address. We know
>this is not a good model. People do, however, use it because there
>currently is no realistic widely deployed alternative available. Those
>that are currently available (e.g. SPF) are not widely deployed, and
>in any case are far from perfect. Whilst we have no hammer, people will
>keep using the screwdriver to drive in nails, and who can blame them?
>

Apart from the general undesirability of using IP addresses for 
authentication -- and I've been writing about that for 15 years -- the 
problem of authentication for anti-spam is ill-defined.  In fact, 
posing it as an authentication problem misses the point entirely.

In almost all circumstances, authentication is useful for one of two 
things: authorization or retribution.  But who says you need 
"authorization" to send email?  Authorized by whom?  On what criteria?  
Attempts to define "official" ISPs leads very quickly to the walled 
garden model -- you have to be part of the club to be able to send mail 
to its members, but the members themselves have to enforce good 
behavior by their subscribers.

Retribution doesn't work very well, either -- new identities are very 
easy to come by, and since most spammers are already committing other 
illegal acts (ranging from the "products" they advertise to the systems 
and address blocks they hijack) they're not easily dissuaded by laws.

Reasoning like this leads me to schemes that involve imposing cost.  It 
may be financial, it may be CPU cycles, it may be any of a number of 
things.  But it can't be identity based, except for recipient-based 
whitelists, and they have their own disadvantages.

		--Steve Bellovin, http://www.research.att.com/~smb