[FoRK] At what point is email officially broken?

Eugen Leitl <eugen at leitl.org>, Thu Dec 7 01:51:26 PST 2006

On Wed, Dec 06, 2006 at 02:36:07PM -0800, Aaron Burt wrote:

> > In this analogy, the sysadmins are the ground troops, while the  
> > people who could create new email protocols are the authorities in  
> > denial.
> 
> Roughly speaking, the two are the same.  And they have worked very, very
> hard on the problem.  Did you read the page I linked to at the beginning?

Anything retrofitted will have giant rollout and interoperability
issues, which is prohibitive in an adaptive dynamic ecosystem that is spam.
One of the better but harder approaches is prestige tracking, which
is Turing-complete (even so, spread in price of human proof of work
won't make it abuse-proof; the same applies for proof of machine work).
Collateral damage to anonymizers of any kind is severe. Mixmaster has
been shot full of holes, and Tor is currently receiving a similar fate
(I had a nice interview with a local police officer a few weeks ago,
being a Tor operator -- relying on charges always being dropped because
the persecutor is not braindead or wants to make an example out of
you as someone aiding and abetting criminals is not a good strategy 
long-term).
 
> > We do not  have this at present. The gap between what we have now, and
> > what we  need, is what "needs fixing."
> 
> Why, yes, I got that the first time.  What specifically needs fixing?

Address diversity of zombies is low. Cloudmark uses credit cards as
a warm-body detector, so prestige tracking is reasonably reliable.
Pushing out a realtime list of spam origin (P2P, for jam-resistance)
would need to be integrated into all major MTA packages, with
greylisting/tarpitting and header annotation built-in. This is hard
technically *and* politically, considering the robustness of the 
infrastructure and the scale and smoothness of rollout required. 

There are alternative methods (firewall-level traffic shaping by
OS fingerprint), proof of work (hashcash and similar), etc. which
are synergistic and wouldn't hurt. However, each added feature
makes above issues exponentially difficult.
 
> You're right, they have.  Can't get 'em all, but you can make long-term
> and large-scale operations infeasible.

If I have a zombie mix network I can only follow the money.
Not a conclusive proof for e.g. pump and dump schemes. If proof
is tenuous, smearing reputation by pretend-spam becomes a viable
attack.
 
> Botnet = privately-owned PCs running Windows = computers that must be
> able to send email = computers that can send spam.

Smartcards and readers with own display and keypad are effectively
compromise-proof. Of course anonymity is dead if proof of digital
signature is required for delivery. 
 
> Did you mean that as written?  I might note that those fine folks have
> mainly received lawsuits from spammers and rebuffs from the authorities.

The vigilante approach to spam leaves mortar craters all over the
virtual gated communities. 
 
> Correct.  So what's your point?   I guess I was mistaken in assuming
> that you were already aware that Windows has so many holes, an unpatched
> machine will likely be compromised in less time than it takes to
> download the patches.

Penalize the maker, and penalize the user. Which is equivalent to instrumenting
all and sundry with anal probes -- a bit invasive. I'm not too kinky
that way.

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
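
Added example, not part of the original message or of any project it names: a minimal mint-and-verify routine for Hashcash version 1 style stamps, illustrating the proof-of-work approach mentioned above and the checks a receiving MTA would make (recipient match, minimum cost, age, work, replay). The recipient address, the 12-bit default, the 28-day window and the hex counter encoding are assumptions chosen for illustration.

```python
import base64, hashlib, itertools, os
from datetime import datetime, timedelta, timezone

def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(resource, bits=12, now=None, rand=None):
    """Sender side: search for a counter whose SHA-1 has `bits` leading zeros.
    Expected cost is about 2**bits hashes; 12 is a demo value, far too cheap."""
    now = now or datetime.now(timezone.utc)
    rand = rand or base64.b64encode(os.urandom(9)).decode()
    # Stamp layout: ver:bits:date:resource:ext:rand:counter
    prefix = f"1:{bits}:{now:%y%m%d}:{resource}::{rand}:"
    for counter in itertools.count():
        stamp = prefix + format(counter, "x")  # hex counter: illustrative choice
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp

def verify(stamp, resource, min_bits, seen, now=None, max_age_days=28):
    """Receiver side: one hash plus bookkeeping. Returns a verdict string."""
    now = now or datetime.now(timezone.utc)
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1":
        return "malformed"
    _, bits, date, res, _ext, _rand, _counter = fields
    if res != resource:
        return "wrong-recipient"   # stamp was minted for someone else
    if not bits.isdigit() or int(bits) < min_bits:
        return "too-cheap"         # claimed cost below local policy
    try:
        minted = datetime.strptime(date[:6], "%y%m%d").replace(tzinfo=timezone.utc)
    except ValueError:
        return "malformed"
    if abs(now - minted) > timedelta(days=max_age_days):
        return "expired"           # bounds the size of the replay cache
    if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) < int(bits):
        return "invalid-work"      # claimed bits not backed by the hash
    if stamp in seen:
        return "replayed"          # each stamp pays for one delivery only
    seen.add(stamp)
    return "ok"

if __name__ == "__main__":
    cache = set()  # in production this would be a persistent store
    s = mint("recipient@example.org")  # constructed address
    print(s, verify(s, "recipient@example.org", 12, cache))
    print("second delivery:", verify(s, "recipient@example.org", 12, cache))
```

Verification costs one hash regardless of `bits`, while minting cost doubles with each added bit; the price is the same for a legitimate sender and for a botnet with spare CPU.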
