At 07:05 PM 4/6/2003 -0700, you wrote:
On Sunday, April 6, 2003, at 03:06 PM, Kee Hinckley wrote:
Welcome to the problem of updating MUAs. Where there's no perceived
benefit, the changes don't get made.
where there are significant benefits, the changes still don't get made. a
good percentage of open relays being used by spammers are sites still
running sendmail 8.9, from back when relay was default on. Despite all of
the security holes closed since then, and huge performance increases --
they're still running it.
Which leads to assuming all of those sites fall into one of three categories:
1) they want to be open relays.
2) they don't care.
3) they don't know any better.
4) they ain't home. the admin who set things up isn't there any more, and
neither is
anyone else.
(1) is likely to be the smallest percentage. (2) through (4) are all
variations of the same general thing, and if nothing YET has convinced
them to upgrade, what possible thing can this group come up with that
would change their mind, other than making their software non-functional.
And then, they'd have a cow (if they even noticed), and since any change
to non-compatible systems would require a transition period and/or a
gateway, would it really make a difference?
I got into anti-spam by being the operator of an abused open relay. I'd
consider it to be a favor to me to blocklist it, when it was open, I'd
consider it a favor to reject email with a disk-full message (so email
would back up in my queue) when blocklisted. I think that would be fair to
all with open relays (even if they didn't.) That isn't going to affect the
truly clue-impaired but it might reach some of the mildly clue-impaired.
(There's really a more basic system design problem: software is distributed
that can be predicted to become obsolete or dangerous. That software does
not include any automated mechanism for checking for new versions - that's
left up to the initiative of the operator. Sure, lambaste the stupid
operators - that doesn't solve the overall problem nor their problem.) (All
in parentheses because it's parenthetical.)
For the reasons you mention they won't upgrade. I advocate an anti-spam
action that does nothing to help these people but that does reduce their
overall effect - dilute the pool of open relays sufficiently with fakes and
the real ones tend to no longer matter. The validity of the approach can
be seen by logic. Success of this approach does require a number of fakes
equal to or much greater than the number of true open relays (the exact
number depends on spammer behavior.) That number is attainable.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg