ietf-asrg

RE: [Asrg] Whitelisting on Message-ID (Was Turing Test ...) honey pot plug

2003-04-07 08:55:05
At 08:32 AM 4/7/2003 -0700, you wrote:

> The second is the important one for me. Some people talk as if all we have
> to do to end spam is close the open relays. I am not so sure this is the
> case.

That (all we have to do to end spam is close the open relays) was the belief (apparently) a few years ago. I doubt few believe it now.

I do believe that if all the abuse paths for sending spam were blocked the spam volume would go way down and that (by definition) the spammers would have to switch to sending their spam directly. That's easy spam to block using blocklists. (Since I say it so glibly it's an automatic candidate for disproof.)

Open relays and open proxies are (I think) the current most-abused pathways - I'd like to see that abuse ended. I don't call for closing all the open relays (that so far hasn't happened) but for the entire open relay pathway to be made so useless to the spammers that they abandon it. As it is increasingly difficult to secure the open relays subject to abuse I don't emphasize that approach, although securing an open relay is always worth doing.

Instead I advocate creating so many false open relays that the spammers can't tell which are truly open and which aren't. Right now a honeypot that delivers relay tests (once, or only) suffices to deceive the spammers. As spammers get more sophisticated the deceit will have to improve. Instead of trying to predict in advance all the possible ways of overcoming increased spammer sophistication and creating a perfect honeypot that combats those, I favor quickly creating a bunch of really dumb honeypots - those will have an immediate effect. As spammers develop new evasion techniques it will be necessary to deploy some honeypots that overcome those techniques.

What should be noted is that in this scenario it is the spammers who are trying to keep up, not the anti-spammers. Every time the anti-spammers increase the sophistication of their honeypots they make real open relays more threatening to the spammers - the real open relay must be suspected as a sophisticated honeypot. Do the spammers have that fear today? No - the open relays they find are almost certainly real open relays - there is no challenge at all to finding and abusing open relays. It is made perfectly easy for them.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg