RE: namedroppers, continued

[Marc Schneiders <ietf@schneiders.org>]

[ post by non-subscriber.  with the massive amount of spam, it is easy to miss
  and therefore delete posts by non-subscribers.  if you wish to regularly
  post from an address that is not subscribed to this mailing list, send a
  message to <listname>-owner@ops.ietf.org and ask to have the alternate
  address added to the list of addresses from which submissions are
  automatically accepted. ]

On Fri, 6 Dec 2002, at 13:41 [=GMT-0800], Fred Baker wrote:

> I think it was Steve Bellovin that suggested a procedure for reducing the
> utility of spoofing source addresses in emails; if not, it was me and I
> happened to suggest something his favorite algorithm fit into, by having a
> host in each mail domain (mailid.example.com) be able to assert that its
> domain had or had not sent an email within a given recent  time period
> whose MD5 hash, when divided by <vector of prime numbers> resulted in
> <vector of remainders>. I could write that up in an internet draft if folks
> think it makes sense. That would be a more global procedure that didn't
> require a PKI and only addressed spoofed addresses.

Spammers would be the first to set up your mailid host. They will have
had years of experience to find holes in the system before you've
convinced everyone to adopt or accept the mailid.

It might be easier to write a new protocol to succeed email, instant
messaging, mobile phones (something useful in itself) with built-in
abuse control from the start.




--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>