
[Asrg] Thoughts so far

2003-03-13 19:40:17
This forum has been pretty depressing, actually. :-(

I have a few thoughts about the spam problem after reading the postings.

1) Time is of the essence

If Alan DeKok's and Chris Lewis's domains are harbingers of things to
come, we really need to act fast.  Some of the protocol proposals on
this forum will take years, if not decades, to become widely-used
enough to have any effect.  If spam increases to "striker" levels, the
'Net will collapse before then.

Perversely, the spammers have given Alan DeKok an awesomely-powerful
weapon: With a few edits of his DNS zone file, he can direct a
powerful DDoS attack at the server of his choosing.  Perhaps rotating
this traffic among various government mail servers will convince
lawmakers there's a problem.  (They'll probably pass legislation making
redirection of mail to servers outside your control a felony.)

2) Legislation is needed, soon

Technology alone won't solve this problem.  Laws with real teeth are required.
However, I'm not holding my breath.

3) In the meantime, we must do whatever we can to force behavior on
spammers

Filtering works -- for now.  DCC works -- for now.  But both are easily
defeated.  The DCC fuzzy checksum, for example, is an astonishing piece
of work, and I can't imagine how many hours of development and testing
went into it.  Unfortunately, the effort required to defeat it is no more
than half an hour of a creative person's time.  Similar comments apply
to Razor, content-filtering and Bayesian analysis.  Even Razor's
clever (but not very scalable) "Ephemeral Signatures" can be defeated
with appropriate message mutations (left as an exercise for the reader).

There is exactly one piece of information the spammer cannot control:
The reply code returned by the victim's mail server.  In spite of some
postings, I believe that spam runs contain many invalid addresses
(which other postings seem to confirm), and a clearing house mapping
number of bad destination addresses to source IP address would be
useful.  Again, in spite of some postings, storing this information is
no more difficult than storing the information already kept in DCC or
Razor.

The spammer can control the source IP address of his spam, but is
much more constrained.  Whereas the number of purported source e-mail
addresses is practically unlimited, as is the number of possible message
mutations, the number of possible source IP addresses is probably quite
small, in the millions at most.

So I see the only way forward as a combination of filtering, distributed
data-gathering and reporting, DNS-based blacklists, silly tricks like
tempfailing first-time senders, and so on.  All the proposals for
authentication, and the complex schemes for new mail protocols, are,
I believe, missing the point.  In the early days of the Internet,
everyone changed from NCP to TCP, because the Internet was small enough
that everyone went along.  Today, the Internet is too big to force a major
protocol change on everyone.  (Just look at the adoption rate of IPv6.)

Depressing.

--
David.

_______________________________________________
Asrg mailing list
asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
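The two mechanisms the post leans on, a clearing house keyed on the reply codes the victim's server returns per source IP, and "tempfailing first-time senders", as an added example that is not part of the original message or of any project mentioned in it. It parses constructed, simplified Postfix-like RCPT lines (not real MTA output), counts 5xx replies per source IP, lists sources over a minimum-volume and bad-ratio threshold (so one typo from a legitimate relay is not listed), and greylists unseen (IP, sender, recipient) triples. The log format, IPs, addresses and thresholds are all assumptions made for the example.

```python
"""Added example (not from the ASRG post): tally SMTP reply codes per source IP
and greylist first-time senders.  Log format, IPs and addresses are constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed, simplified Postfix-like RCPT lines (not real MTA output).
SAMPLE_LOG = """\
Mar 13 19:40:01 mx smtpd[101]: RCPT from unknown[192.0.2.10]: 550 <alice@example.net>: User unknown
Mar 13 19:40:02 mx smtpd[101]: RCPT from unknown[192.0.2.10]: 550 <bob@example.net>: User unknown
Mar 13 19:40:02 mx smtpd[101]: RCPT from unknown[192.0.2.10]: 550 <carol@example.net>: User unknown
Mar 13 19:40:03 mx smtpd[101]: RCPT from unknown[192.0.2.10]: 250 <dave@example.net>: Ok
Mar 13 19:40:03 mx smtpd[101]: RCPT from unknown[192.0.2.10]: 550 <erin@example.net>: User unknown
Mar 13 19:40:05 mx smtpd[102]: RCPT from mail.partner.example[198.51.100.7]: 250 <dave@example.net>: Ok
Mar 13 19:40:06 mx smtpd[102]: RCPT from mail.partner.example[198.51.100.7]: 250 <frank@example.net>: Ok
Mar 13 19:40:07 mx smtpd[102]: RCPT from mail.partner.example[198.51.100.7]: 550 <typo@example.net>: User unknown
Mar 13 19:40:09 mx smtpd[103]: RCPT from unknown[203.0.113.44]: 550 <zed@example.net>: User unknown
"""

# Assumed line shape: "... RCPT from <host>[<ip>]: <code> <recipient>: ..."
LINE_RE = re.compile(
    r"RCPT from \S+\[(?P<ip>[0-9.]+)\]: (?P<code>\d{3}) <(?P<rcpt>[^>]+)>"
)


def parse_line(line):
    """Return (source_ip, reply_code, recipient), or None for non-RCPT lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m.group("ip"), int(m.group("code")), m.group("rcpt")


def tally_by_source(log_text):
    """Per source IP: RCPT commands seen and how many the server answered 5xx.

    The reply code is the one datum the sender cannot forge, so it is the
    field worth aggregating across sites.
    """
    stats = defaultdict(lambda: {"rcpt": 0, "bad": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, code, _ = rec
        stats[ip]["rcpt"] += 1
        if 500 <= code < 600:
            stats[ip]["bad"] += 1
    return dict(stats)


def suspicious_sources(stats, min_rcpt=4, min_bad_ratio=0.5):
    """IPs that tried at least min_rcpt recipients with >= min_bad_ratio rejected.

    min_rcpt is the caveat: a legitimate relay with one mistyped address must
    not be listed, so low-volume sources are ignored regardless of ratio.
    Returns (ip, bad, rcpt) tuples, worst first.
    """
    out = []
    for ip, s in stats.items():
        if s["rcpt"] >= min_rcpt and s["bad"] / s["rcpt"] >= min_bad_ratio:
            out.append((ip, s["bad"], s["rcpt"]))
    return sorted(out, key=lambda t: (-t[1], t[0]))


@dataclass
class Greylist:
    """Tempfail (451) the first attempt for an unseen (ip, sender, rcpt) triple.

    A retry is accepted once min_delay seconds have passed since the first
    attempt; a retry after max_age seconds is treated as a new first attempt.
    Spam software that never retries never gets through.
    """
    min_delay: int = 300          # seconds before a retry is accepted (assumed)
    max_age: int = 4 * 3600       # seconds after which the triple is forgotten (assumed)
    seen: dict = field(default_factory=dict)

    def decide(self, ip, sender, rcpt, now):
        """Return the SMTP reply code to give this RCPT: 451 or 250."""
        key = (ip, sender.lower(), rcpt.lower())
        first = self.seen.get(key)
        if first is None or now - first > self.max_age:
            self.seen[key] = now
            return 451  # first sighting: ask the sender to try again later
        if now - first < self.min_delay:
            return 451  # retried too soon; keep tempfailing
        return 250


if __name__ == "__main__":
    stats = tally_by_source(SAMPLE_LOG)
    for ip, bad, rcpt in suspicious_sources(stats):
        print(f"{ip}: {bad}/{rcpt} recipients rejected")
```

With the constructed log only 192.0.2.10 is listed (4 of 5 recipients rejected); 198.51.100.7 has one rejection in three and 203.0.113.44 only one attempt, both below the volume floor. The greylist keys on the full triple rather than the IP alone so that a sender already accepted from one address is not waved through for every address it later tries.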