North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Micorsoft's Sender ID Authentication......?

  • From: Matt Ghali
  • Date: Thu Jun 09 20:41:59 2005

On Thu, 9 Jun 2005, Stephen Sprunk wrote:
  If my grandmother has a "reputation" for sending legitimate email, 
  and she inadvertently installs some spam zombie software, it is 
  certainly feasible (and probably trivial) for the spammer to steal 
  all her credentials and thus her "reputation".  Spam will get out 
  for a while, but once her "reputation" significantly degrades, it 
  will be stopped -- as will any future legitimate email from her.

No. You are (I suspect) deliberately ignoring the Big Picture.

Your grandmother, if she is like most grandmothers, does not have a 
box coloed with a static IP from which she runs her own MTA. She 
gets a dynamic address assignment from her ISP.

When her computer becomes infected with malware that causes it to 
emit abusive traffic, the reputation for that IP (or its containing 
netblock) is affected.

The longer her ISP allows the abusive traffic, the lower the 
reputation becomes for that address (or its containing netblock).

So you see, the reputation has nothing to do with your mom, and 
everything to do with the controlling entity, her ISP. Which makes 
the whole address-based sender reputation scheme almost workable, if 
you ignore the scaling issues.

  This "solution" strikes me as worse than the problem it tries to 
I'd never call it a "solution", but it is certainly a useful tool to 
use along with others in order to more successfully manage the 


[email protected]<darwin><
              The only thing necessary for the triumph
              of evil is for good men to do nothing. - Edmund Burke