At 08:32 AM 4/7/2003 -0700, you wrote:
> The second is the important one for me. Some people talk as if all we have
> to do to end spam is close the open relays. I am not so sure this is the
> case.

That (all we have to do to end spam is close the open relays) was the
belief (apparently) a few years ago. I doubt few believe it now.
I do believe that if all the abuse paths for sending spam were blocked the
spam volume would go way down and that (by definition) the spammers would
have to switch to sending their spam directly. That's easy spam to block
using blocklists. (Since I say it so glibly it's an automatic candidate
for disproof.) Open relays and open proxies are (I think) the current
most-abused pathways - I'd like to see that abuse ended. I don't call for
closing all the open relays (that so far hasn't happened) but for the
entire open relay pathway to be made so useless to the spammers that they
abandon it. As it is increasingly difficult to secure the open relays
subject to abuse I don't emphasize that approach, although securing an open
relay is always worth doing. Instead I advocate creating so many false
open relays that the spammers can't tell which are truly open and which
aren't. Right now a honeypot that delivers relay tests (once, or only)
suffices to deceive the spammers. As spammers get more sophisticated the
deceit will have to improve. Instead of trying to predict in advance all
the possible ways of overcoming increased spammer sophistication and
creating a perfect honeypot that combats those I favor quickly creating a
bunch of really dumb honeypots - those will have an immediate effect. As
spammers develop new evasion techniques it will be necessary to deploy some
honeypots that overcome those techniques.
What should be noted is that in this scenario it is the spammers who are
trying to keep up, not the anti-spammers. Every time the anti-spammers
increase the sophistication of their honeypots they make real open relays
more threatening to the spammers - the real open relay must be suspected as
a sophisticated honeypot. Do the spammers have that fear today? No - the
open relays they find are almost certainly real open relays - there is no
challenge at all to finding and abusing open relays. It is made perfectly
easy for them.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
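
The "really dumb honeypot" delivery decision described in the message above, sketched as an added example (not code from the message or its author). The class and field names, the two mode names, and the size and recipient thresholds used to recognise a relay test are all assumptions of this example; the sample traffic is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Message:            # one accepted SMTP transaction (constructed fields)
    client_ip: str
    rcpt_to: list
    size: int

@dataclass
class HoneypotPolicy:
    mode: str = "once"            # "once" or "only" (this example's reading)
    max_test_rcpts: int = 1       # assumption: a relay test has one recipient
    max_test_size: int = 4096     # assumption: a relay test is a small message
    delivered_to: set = field(default_factory=set)   # sources already answered
    captured: list = field(default_factory=list)     # everything sunk, kept as evidence

    def looks_like_relay_test(self, msg):
        return (len(msg.rcpt_to) <= self.max_test_rcpts
                and msg.size <= self.max_test_size)

    def decide(self, msg):
        """The SMTP layer has already said 250 OK; choose what really happens."""
        if self.mode not in ("once", "only"):
            raise ValueError(f"unknown mode: {self.mode}")
        ok = self.looks_like_relay_test(msg)
        if self.mode == "once":
            # At most one test per source is ever forwarded.
            ok = ok and msg.client_ip not in self.delivered_to
        if ok:
            self.delivered_to.add(msg.client_ip)
            return "deliver"
        self.captured.append(msg)     # the spam run never leaves the honeypot
        return "sink"

def run_sample(mode):
    # Constructed traffic: documentation-range IPs, example.com recipients.
    bulk = [f"user{i}@example.com" for i in range(500)]
    traffic = [
        Message("192.0.2.10", ["probe@example.com"], 600),   # relay test
        Message("192.0.2.10", bulk, 9000),                   # spam run
        Message("192.0.2.10", ["probe@example.com"], 600),   # re-test
        Message("192.0.2.77", bulk, 9000),                   # spam, no test
    ]
    policy = HoneypotPolicy(mode=mode)
    return [policy.decide(m) for m in traffic], len(policy.captured)
```

In "once" mode the re-test from the same source is sunk; in "only" mode it is forwarded again, while the bulk runs are captured in both.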