ietf-asrg

[Asrg] Re: Spam is a security problem

2003-03-16 11:36:44
On Sat, 15 Mar 2003 06:14:04 -0600, Brad Spencer 
<brad(_dot_)madison(_at_)mail(_dot_)tds(_dot_)net> writes:

> After years of effort to secure all open relays there are still enough
> open relays that spammers actively seek them.  Securing them all isn't
> a viable option, didn't work, can't work.  I favor a different
> approach that does work and can work: dilute the pool of true open
> relays with so many false ones that the spammers can't find the true
> ones.  That's absolutely simple.  While this is being ramped up the
> operators of fake relays who know how can take the information they
> glean from their false relays and use it to persuade ISPs to take
> action against the spammers.

However, is it effective? What this means is that a slightly greater
percentage of email is denied. However, email sending is as
automatable as it was. If we are in a world where bandwidth costs are
expected to decrease and where CPU costs are expected to decrease,
then even with this, spam becomes more economical, because with the
same resources, they can send more messages, even if an increasing
percentage get rejected.

We need a solution that can continue to work in worlds where
Disk/CPU/bandwidth is becoming ever cheaper. A technique that halves
the effectiveness of spam will be erased in two years. What do they
care if half of the proxies are fake two years from now? The cost per
message that goes through a non-fake proxy will be the same then as
now. At such a small loss, it may not even be worth the effort to
identify the fakes.

Computing and bandwidth are cheap enough that you can't win by forcing
the spammer to burn cycles or bandwidth, unless you can increase those
costs by orders of magnitude. One person's yearly wage of, say,
$40,000 can buy 20 $1400 machines and still spend $1000/month for
bandwidth/colo. Let's see, 4TB/month. Requiring them to hire one
additional employee affects their bottom line more than blocking 10
billion emails.

> The basic idea is sound, and some very effective fake open relays are
> simply standard MTAs, reconfigured.  Those aren't going to be easily
> identified.  More to the point is that this entire means of combatting
> spammers and this entire opportunity to do so are both almost
> completely ignored.  The idea has further extension.  An ISP with a
> customer who is sending out large numbers of relay tests should be
> easily able to identify that customer strictly by the pattern of his
> outgoing traffic.  A large ISP cannot monitor the entire stream of its

At least as far as outgoing traffic is concerned, wouldn't a server
doing relay tests closely resemble any popular mailing list server? It
might be identifiable if it gets a huge number of incoming RSTs from
port 25.

Scott
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
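
The RST heuristic raised at the end of the message, sketched as an added example that is not part of the original post: two hosts with identical outbound port-25 volume are separated only by how many of their connection attempts come back as resets. The flow-record layout, the addresses (documentation ranges) and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

LIST_SERVER = "192.0.2.5"   # constructed: legitimate mailing list host
RELAY_TESTER = "192.0.2.9"  # constructed: host probing for open relays

def build_sample_flows():
    """Constructed flow records: (src, sport, dst, dport, tcp_flags)."""
    flows = []
    for i in range(40):
        # List server: every remote MTA accepts the connection (SYN-ACK).
        dst = f"198.51.100.{i + 1}"
        flows.append((LIST_SERVER, 40000 + i, dst, 25, "S"))
        flows.append((dst, 25, LIST_SERVER, 40000 + i, "SA"))
        # Relay tester: 30 of 40 probed addresses run no SMTP service (RST).
        dst = f"203.0.113.{i + 1}"
        flows.append((RELAY_TESTER, 50000 + i, dst, 25, "S"))
        flows.append((dst, 25, RELAY_TESTER, 50000 + i, "RA" if i < 30 else "SA"))
    return flows

def smtp_rst_profile(flows, local_prefix="192.0.2."):
    """Per local host: (outbound SYNs to port 25, share answered by RST)."""
    syn_out = defaultdict(int)
    rst_in = defaultdict(int)
    for src, sport, dst, dport, flags in flows:
        if src.startswith(local_prefix) and dport == 25 and flags == "S":
            syn_out[src] += 1
        elif dst.startswith(local_prefix) and sport == 25 and "R" in flags:
            rst_in[dst] += 1
    return {h: (n, rst_in[h] / n) for h, n in syn_out.items()}

def flag_relay_testers(flows, min_attempts=20, min_rst_ratio=0.5):
    """Hosts whose port-25 connection attempts are mostly refused."""
    profile = smtp_rst_profile(flows)
    return sorted(h for h, (n, ratio) in profile.items()
                  if n >= min_attempts and ratio >= min_rst_ratio)

if __name__ == "__main__":
    for host, (n, ratio) in sorted(smtp_rst_profile(build_sample_flows()).items()):
        print(f"{host}: {n} SMTP attempts, {ratio:.0%} reset")
    print("flagged:", flag_relay_testers(build_sample_flows()))
```

Outbound counts alone are identical for both hosts here (40 SYNs each), which is the resemblance the message points out; only the inbound reset share differs.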