ietf-asrg

Re: [Asrg] Willfull and intentional misunderstandings

2003-05-10 00:53:09

On Fri, 9 May 2003, Yakov Shafranovich wrote:
> Additionally the question of slave servers poses a tremendous problem not
> just in regard to this issue, but in regard to all anti-spam solutions. In
> theory if a computer has been taken over, what prevents the trojan/virus
> from doing the following:
> 1. Emailing other users on the Internet directly.
> 2. Monitoring local SMTP traffic and finding out what SMTP server is used
> by the user. Then using that SMTP server for sending spam. RMX/rDNS will
> not help here since the email will come from a permitted IP range. SSL/TLS
> will not help since the trojan can capture the password used.

Hi Yakov!

I believe RMX and other RMX-like proposals will help in the slave server
case.  The spammer can still use the slave to send spam, but if he wants
to send it using slave owner's identity, the messages must go out thru the
real outbound mail servers listed in the RMX records or they will be
rejected as forgeries.

Assume the outbound mail servers are well-secured relative to the slaves
(which are probably just desktop machines on home cable modems).  The mail
server admins can use rate-limiters which detect attempts by a user to
send a lot of messages at once and react appropriately.

If the server admins are not careful and have not installed rate-limiters,
then the spam gets through and the domain loses trust (by which I mean
Bayesian spam filters become more likely to reject MAIL FROM: it).  So the
admins have an incentive to be careful and install the limiters.

Mike

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
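
The outbound rate-limiter described in the message above, sketched as an added example (not code from the original thread or from any mail server). It counts recipients per authenticated sender in a sliding window; the class name, the thresholds and the sample log are constructed assumptions.

```python
from collections import defaultdict, deque


class OutboundRateLimiter:
    """Sliding-window cap on recipients per authenticated sender (hypothetical)."""

    def __init__(self, max_rcpts=20, window_s=60):
        self.max_rcpts = max_rcpts          # assumed threshold, tune per site
        self.window_s = window_s
        self._events = defaultdict(deque)   # sender -> deque of (time, rcpt_count)
        self._totals = defaultdict(int)     # sender -> recipients inside the window

    def allow(self, sender, rcpt_count, now):
        """Return True to relay the message, False to defer it."""
        q = self._events[sender]
        # Drop accepted messages that have slid out of the window.
        while q and q[0][0] <= now - self.window_s:
            self._totals[sender] -= q.popleft()[1]
        if self._totals[sender] + rcpt_count > self.max_rcpts:
            return False                    # refused mail does not consume budget
        q.append((now, rcpt_count))
        self._totals[sender] += rcpt_count
        return True


# Constructed submission log: (seconds, authenticated sender, recipient count).
SAMPLE_LOG = [
    (0, "alice", 1), (5, "bob", 3), (30, "alice", 2),
    # Burst sent with bob's captured credentials from a taken-over desktop.
    (40, "bob", 10), (41, "bob", 10), (42, "bob", 10), (43, "bob", 10),
    (50, "alice", 1),
    (120, "bob", 2),    # earlier bob traffic has left the window by now
]


def replay(log, limiter):
    """Return the log entries the limiter refused."""
    return [e for e in log if not limiter.allow(e[1], e[2], e[0])]


if __name__ == "__main__":
    for t, who, n in replay(SAMPLE_LOG, OutboundRateLimiter()):
        print(f"t={t:>3}s deferred {who}: {n} recipients")
```

Counting recipients rather than messages matters because a single submission can carry many RCPT TO addresses; the refused entries are also the signal an admin would alert on for a likely compromised account.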