Re: Article Announcement: Can Microsoft End Spam?

From: Deus, Attonbitus (Thor_at_HammerofGod.com)
Date: 07/07/03

  • Next message: Justin Shin: "RE: Article Announcement: Can Microsoft End Spam?"
    Date: Mon, 07 Jul 2003 08:40:40 -0700
    To: Ed Allen Smith <easmith@beatrice.rutgers.edu>, mfossi@securityfocus.com, SMiller@unimin.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    At 06:56 AM 7/6/2003, Ed Allen Smith wrote:

    >Of course, it would be most helpful if Microsoft were to actually
    >work toward what it's claiming it wants, instead of _against_
    >stopping spam (UBE). See:
    >http://news.zdnet.co.uk/story/0,,t269-s2136652,00.html
    >http://dynamic.washtimes.com/print_story.cfm?StoryID=20030629-103835-
    >5128r http://www.bayarea.com/mld/cctimes/news/6244003.htm
    >http://www.sacbee.com/content/politics/story/6960914p-7910017c.html

    Hey Ed, et al-

    I can't see how you can even remotely discern "_against_ stopping
    spam"
    from SB 186. Have you read the amended draft? Senator Bowden has
    *greatly* exaggerated the facts in her reaction. SB 186 is very
    similar to
    now dead SB 12, and it is hardly a proclamation of "Let There Be
    Spam" as
    her press release was titled. Currently, the draft does not include
    the
    "no spam" registry, but it is not finished yet.

    The problem with both drafts is that it addresses after-the-fact
    spamming
    with what amounts to a fine- monetary damages. And while they both
    built
    in stipulations for one to recoup attorney fees, you've got to catch
    the
    actual spammer first. Most spams are spoofed, and the bill does not
    do
    anything to help us with that.

    As I say in the article, we have to fight spam with technology and
    law. Spam Database comparison and other analysis methods will help,
    but to
    really impact spam, we need to find a workable solution in the area
    of
    authentication and authorization at the server level. The no-spam
    registry
    will only work for "legal" spammers. Where MS comes in is in the
    design of
    something akin to a certificate verification system. To me, what
    would
    really work would be to have free server certs available as part of
    the
    Exchange Server licensing and to build a trusted sender
    infrastructure from
    there. Systems could be set up to deny all unverifiable email, or
    whatever.

    And this is the type of system MS is working on. It is not for them
    to be
    able to dictate what spam is or isn't, it is for them to be able to
    construct a global system of verification. If they can pull that
    off, it
    will pay off in Server and Exchange licences. The law would come in
    requiring "legal" spam-bag companies to register with the certificate
    authority- the technology comes in at the server level. Further,
    this type
    of model better supports differences in state law. Receiving server
    certs
    would identify what state they are in- senders could have send rules
    based
    on that- of course, the receiving system could globally block all
    spammer-owed certs, as well as all mail that was not validated.

    Besides, we have a very, very long way to go with this- after all, in
    this
    case, we're just talking about 2 bill drafts for a single state!

    T

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0

    iQA/AwUBPwmUeIhsmyD15h5gEQLL7ACgyv4pzIq31xic5yo4RcUoCGoevX0AoLN7
    txQ/lU1KXAQUk8iWgIMsPuVq
    =2EDw
    -----END PGP SIGNATURE-----

    -----------------------------------------------------------------------------
    ------------------------------------------------------------------------------


  • Next message: Justin Shin: "RE: Article Announcement: Can Microsoft End Spam?"

    Relevant Pages

    • Re: How to do rDNS. WAS: RE: educating rDNS violators
      ... It's done in the DNS server. ... As a spam prevention measure, a lot of end-user Internet providers are ... Using your own mail server as a slave to the ISP's mail server will add ...
      (Security-Basics)
    • RE: OMA and Outgoing Spam
      ... Someone hacked a user account and use it to spam emails; ... Your Exchange server is open relaying emails;(You have checked it ... Your server is under RNDR Attack. ... Microsoft is providing this information as a convenience to you. ...
      (microsoft.public.windows.server.sbs)
    • RE: OMA and Outgoing Spam
      ... Someone hacked a user account and use it to spam emails; ... Your Exchange server is open relaying emails;(You have checked it ... Your server is under RNDR Attack. ... When you enable recipient filtering on the SMTP virtual server, ...
      (microsoft.public.windows.server.sbs)
    • Re: Anyone succesfully stopped Reverse NDR Attacks in exchange 2000?
      ... to their filtering servers and the Spam stops filling your Exchange Queues ... and destined to an non existing address on your server. ... connecting addresses as there are spam sent. ...
      (microsoft.public.exchange2000.admin)
    • Re: Relay for spam?
      ... Now my ISP is complaining about being a relaay for spam. ... a SMTP mail sever set up as an open relay. ... A proxy server usually is set up so that people on the internal IP ... An open proxy allows ...
      (Ubuntu)