[VOIPSEC] spam and enum
Dan Wing
dwing at fuggles.com
Fri Sep 1 16:30:22 BST 2006
styagi at sipera.com wrote:
> Hi Dan, Simon,
>
> Digressing little bit from discussion here ...
>
> I don't see how authentication solves the SPAM problem.
>
> The reason we have e-mail spam is because it is easy to automate, free
> etc. (signup for thosands of e-mail accounts, some of the email servers
> use domain certificates etc but does not help much)
>
> Once SIP services become free and easy to automate (think free skype out
> with SDK available to automate it and automated ways to signup for
> accounts, same available for SIP)
>
> Unless I block out all unknown/first time callers or something
Strong identity (sip-identity for SIP, DKIM for email) allows you to
build whitelists and blackslists -- lists of people you know.
Then, you need a way to allow people you _don't_ know to still contact
you. That's the harder problem, and there are several proposals on
the table for how to solve that.
Without strong identity, anyone can spoof their identity and make
your whitelist or blacklist useless, and you can't build a system
that relies on strong identity.
> Am I missing something.
-d
More information about the Voipsec
mailing list