Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

To: david nicol <davidnicol@pay2send.com>
Cc: debian-devel@lists.debian.org
Subject: Re: tmda: Challenge-response is fundamentally broken (RAPNAP)
From: Russell Coker <russell@coker.com.au>
Date: Sat, 6 Sep 2003 23:32:04 +1000
Message-id: <[🔎] 200309062332.04305.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] 1062795375.1935.28.camel@plaza.davidnicol.com>
References: <uiun0dv1n94.fsf@echo.linpro.no> <[🔎] 200309051516.21416.russell@coker.com.au> <[🔎] 1062795375.1935.28.camel@plaza.davidnicol.com>

On Sat, 6 Sep 2003 06:56, david nicol wrote:
> > > Unlike TMDA's distributed profusion of extended addresses, a
> > > central RAPNAP (return address, peer network address pair) database
> > > only needs to send out a challenge when you change your outgoing
> > > SMTP server.  In effect, a central server caches challenge responses,
> > > so individual challenges are no required all the time.
> >
> > Interesting idea.  A spammer then only has to respond to a challenge once
> > and they can then spam thousands of people.
>
> But only from an account which is really theirs.
> RAPNAP provides a working minimal verification on
> the return address for sender-pays systems.  Sure you can forge
> an e-mail with my return address, but you can't forge an e-mail
> with both my return address and the peer network address of the
> machine I generally send e-mail through, from your connection in
> Australia.

Here's how it works.  Spammer creates account live2spam@hotmail.com and sends 
their first spam to a C-R system, when the challenge comes in they 
acknowledge it and from then on the C-R system does not bother them because 
they keep using the same small range of IP addresses.  Hotmail cancels their 
account pretty quickly, but as the C-R system does not send any changes 
unless they change their IP address (and they don't change their IP address 
to avoid C-R systems) then it's not a problem for them.

> > For challenge response to work it has to be annoying to lots of people.
> > Anything that stops it being annoying will stop it working.  That's why
> > it is broken.
>
> Challenge-response, BY ITSELF ONLY, suffers from that problem. When
> combined with other methods, CR is useful, and is _less annoying_
> then alternatives, such as requiring all correspondents to install PGP
> for instance.

DNSBL's and spamassasin seem quite good at dealing with spam and are much less 
annoying.  That combined with some new laws that are being enacted to combat 
spam should keep it to a managable level.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

Follow-Ups:
- Re: tmda: Challenge-response is fundamentally broken (RAPNAP)
  - From: david nicol <davidnicol@pay2send.com>
- Re: tmda: Challenge-response is fundamentally broken (RAPNAP)
  - From: Craig Sanders <cas@taz.net.au>

References:
- Re: tmda: Challenge-response is fundamentally broken (RAPNAP)
  - From: Russell Coker <russell@coker.com.au>
- Re: tmda: Challenge-response is fundamentally broken (RAPNAP)
  - From: david nicol <davidnicol@pay2send.com>

Prev by Date: [Auto-Reply] Your details
Next by Date: a couple of missing sources for stable
Previous by thread: Re: tmda: Challenge-response is fundamentally broken (RAPNAP)
Next by thread: Re: tmda: Challenge-response is fundamentally broken (RAPNAP)
Index(es):
- Date
- Thread