ietf-asrg

Re: [Asrg] Spam detection system proposal

2003-03-05 12:42:44
On Wed, 5 Mar 2003, Brad Templeton wrote:

> The real world doesn't usually do security with physical security.
> It punishes after the fact and uses that as deterrence.

Right.  But you need a way to detect the problem before you can
punish it.  A distributed mechanism for detecting anomalous
SMTP behavior is like an alarm system.  And alarm systems are
pretty common in the real world.

> Very few of the world's low level security problems are solved by
> putting up a clever high fence.  You notice that there is nobody
> checking your bags as you leave the Sears store.

It depends where in the world you live. :-)  Lots of stores I've
been in demand you leave parcels at the front, and if you walk through
with a bag, you will be searched.

In North America, this isn't so common, of course.

> The number of bad addresses is another test, but not nearly so
> reliable.

Well, isn't it?  I don't know, and I don't think you know either.  Some
posters have complained how their systems are stressed from bounce
messages during spam attacks.  This suggests to me that a large number
of invalid addresses is a good indicator of a spam attack.  Unfortunately,
it's not necessarily the case that a spam attack always yields a large
number of bad addresses; there probably are spammers out there who keep
their lists clean.

> In the end, though, if we can get most of the legit bulk mailers to
> do something -- anything -- to let us know they are accountable for
> abuse, I think we can lick this thing.

That would help, but it requires buy-in from a lot of different groups
with a lot of different vested interests.  And I'm not sure that
non-technical solutions fall within the charter of the IETF, although
it certainly should consider them and recommend them to legislators.

I don't advocate distributed statistics-gathering and analysis as a
panacea.  But I do believe it could be one more effective detection
tool in our arsenal.

--
David.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg