
Re: [Asrg] Thoughts so far

2003-03-14 03:53:30
The forum is not depressing, what is depressing is the fact that many want 
to see a solution but all have different thoughts on what it should be and 
none are probably correct (damn, I think I'm depressed now as well...)

Now I'll not comment on legislation (I personally do not think it'll help 
unless it's global) and as a geek I prefer to focus on things technical or
fantastic (like a solution to spam :) ...

I think as far as technical part we need to do the following:
 1. Good classification of possible solutions and proposals with all pros 
    and cons clearly listed (I'm attempting to do so now with my notes)
 2. Separate solutions into two threads
  a) solutions that can be done fairly quickly (1-2 years to adaption) to 
     partially control spam
  b) solutions that need more extensive changes and will take long time 
     to adapt but have a lot better chance of actually stopping spam

BOTH should be done at the same time, 2nd one will take longer to adapt 
but by the time solution(s) a) begin to fail we should be ready with at 
least some adaption for b). And yes, it may take 4-10 years for long-term 
solutions to become mainstream depending on how much change they require.

And I personally would prefer b) to actually be new Unified Messaging 
protocol to combine mail/news/im. The reason is that its adaption will 
depend not only on how well it'll stop spam but if it offers other 
benefits and the more benefits it offers, the better and easier it is to 
push it through. Besides, a new mail protocol would go just in time for the new 
IP protocol (I'm curious how many email messages actually come through 
IPv6 and if there is anyone on this list who's doing it regularly, 
please respond if you do).

Hope it helps (though I'm depressed myself now...)

William

On Thu, 13 Mar 2003, David F. Skoll wrote:

This forum has been pretty depressing, actually. :-(

I have a few thoughts about the spam problem after reading the postings.

1) Time is of the essence

If Alan DeKok and Chris Lewis's domains are harbingers of things to
come, we really need to act fast.  Some of the protocol proposals on
this forum will take years, if not decades, to become widely-used
enough to have any effect.  If spam increases to "striker" levels, the
'Net will collapse before then.

Perversely, the spammers have given Alan DeKok an awesomely-powerful
weapon: With a few edits of his DNS zone file, he can direct a
powerful DDoS attack at the server of his choosing.  Perhaps rotating
this traffic among various government mail servers will convince
lawmakers there's a problem.  (They'll probably pass legislation making
redirection of mail to servers outside your control a felony.)

2) Legislation is needed, soon

Technology alone won't solve this problem.  Laws with real teeth are required.
However, I'm not holding my breath.

3) In the meantime, we must do whatever we can to force behavior on
spammers

Filtering works -- for now.  DCC works -- for now.  But both are easily
defeated.  The DCC fuzzy checksum, for example, is an astonishing piece
of work, and I can't imagine how many hours of development and testing
went into it.  Unfortunately, the effort required to defeat it is no more
than half an hour of a creative person's time.  Similar comments apply
to Razor, content-filtering and Bayesian analysis.  Even Razor's
clever (but not very scalable) "Ephemeral Signatures" can be defeated
with appropriate message mutations (left as an exercise for the reader.)

There is exactly one piece of information the spammer cannot control:
The reply code returned by the victim's mail server.  In spite of some
postings, I believe that spam runs contain many invalid addresses
(which other postings seem to confirm), and a clearing house mapping
number of bad destination addresses to source IP address would be
useful.  Again, in spite of some postings, storing this information is
no more difficult than storing the information already kept in DCC or
Razor.

The spammer can control the source IP address of his spam, but is
much more constrained.  Whereas the number of purported source e-mail
addresses is practically unlimited, as is the number of possible message
mutations, the number of possible source IP addresses is probably quite
small, in the millions at most.

So I see the only way forward as a combination of filtering, distributed
data-gathering and reporting, DNS-based blacklists, silly tricks like
tempfailing first-time senders, and so on.  All the proposals for
authentication, and the complex schemes for new mail protocols, are,
I believe, missing the point.  In the early days of the Internet,
everyone changed from NCP to TCP, because the Internet was small enough
that everyone went along.  Today, the Internet is too big to force a major
protocol change on everyone.  (Just look at the adoption rate of IPv6.)

Depressing.

--
David.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
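
The clearing house proposed in the quoted message (number of bad destination addresses per source IP address, taken from the receiving server's own reply codes), sketched as an added example that is not part of either post. The log line format, the thresholds, and the reading of 550 as "unknown recipient" are assumptions; the log lines are constructed.

```python
import re
from collections import Counter

# Constructed logs from two hypothetical sites; the line format is an assumption.
SITE_A = """\
client=192.0.2.10 rcpt=<alice@a.example> reply=250
client=192.0.2.10 rcpt=<bob@a.example> reply=250
client=192.0.2.10 rcpt=<bbo@a.example> reply=550
client=198.51.100.7 rcpt=<aaron@a.example> reply=550
client=198.51.100.7 rcpt=<abby@a.example> reply=550
client=198.51.100.7 rcpt=<alice@a.example> reply=250
"""
SITE_B = """\
client=198.51.100.7 rcpt=<aaron@b.example> reply=550
client=198.51.100.7 rcpt=<abby@b.example> reply=550
client=198.51.100.7 rcpt=<carol@b.example> reply=451
client=203.0.113.5 rcpt=<carol@b.example> reply=250
"""
LINE_RE = re.compile(r"client=(\S+) rcpt=<[^>]*> reply=(\d{3})")

def tally(log_text):
    """Count (ip, 'ok') and (ip, 'bad') from the server's own RCPT reply codes."""
    counts = Counter()
    for ip, code in LINE_RE.findall(log_text):
        if code == "250":
            counts[(ip, "ok")] += 1
        elif code == "550":          # assumed here to mean an unknown recipient
            counts[(ip, "bad")] += 1
        # 4xx is a temporary failure and says nothing about address validity
    return counts

def flagged(counts, min_bad=3, min_ratio=0.5):
    """Source IPs with many rejected recipients, as (ip, bad, ratio), worst first."""
    rows = []
    for ip in {key[0] for key in counts}:
        ok, bad = counts[(ip, "ok")], counts[(ip, "bad")]
        if bad >= min_bad and bad / (ok + bad) >= min_ratio:
            rows.append((ip, bad, round(bad / (ok + bad), 2)))
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    a, b = tally(SITE_A), tally(SITE_B)
    print("site A alone:", flagged(a))        # below the threshold on its own
    print("site B alone:", flagged(b))
    print("clearing house:", flagged(a + b))  # Counter addition merges the reports
```

Neither site sees enough rejections alone to flag the sender; the merged tally does, while the host with a single mistyped recipient stays below both thresholds.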

