rolande (Certifiable; Premium, Mod), join: 2002-05-24, Columbus, OH, Host: Linksys AT&T Midwest
Problem is anonymous trust

The real problem is that the majority of mailservers out there blindly trust all other mailservers and accept any emails passed through them without regard for the source or authentication. As long as all of the major providers and corporations try to solve the SPAM problem on their own, there will never be a solution within the existing framework of the SMTP protocol. If the big players and corporations worked together to create a de facto web of trust for SMTP servers on the Internet or adopt an existing one such as habeas.com and enforced mandatory registration in order to be allowed to transmit SMTP messages to any SMTP servers included in the web of trust, it would be a start. Until there is a hierarchy of trust defined for SMTP servers, it is strictly monitored and enforced by a governing body, and there is overwhelming public support and compliance, we will be subject to the scourge of SPAM.
Unfortunately, a web of trust is not foolproof and presents new problems. If a trusted SMTP server is compromised and a Spammer forwards mail through the legitimate server, does the governing body temporarily revoke the trust of that server, potentially affecting thousands of innocent end users and disrupting their email? How do you police trusted members to make sure they maintain the latest patches on their SMTP servers and properly firewall their machines to prevent other methods of subversion?
At least enforcing the registration of SMTP servers in a web of trust offers the ability to acquire some trusted information regarding the source mailserver for legal purposes. But, who decides when a registration is trusted and how that information is maintained and secured and at what point to consider a member to have breached the contract of trust and suspend/revoke trust of their registered server(s)? Also, how does the governing organization offer proof/validity that other members can be trusted?
More than likely a combination of a trust hierarchy and an enhanced version of the SMTP protocol will be needed to effectively achieve the goal of eliminating/reducing unsolicited emails. Now the problem is that all of these technical solutions break the way email works today and would require unanimous migration by legitimate mailservers. It also makes it harder to set up and maintain a mailserver. Not to mention, the more complex the technical solution is, the easier it will be for someone to find a backdoor around the process, making this whole objective an exercise in futility.

--
Remember what they say: "There are 10 types of people in the world.. those who understand binary, and those who don't."