At 07:44 PM 7/11/2003 -0400, Barry Shein wrote:
.....
On July 11, 2003 at 18:26 research(_at_)solidmatrix(_dot_)com (Yakov Shafranovich) wrote:
> At 05:44 PM 7/11/2003 -0400, Barry Shein wrote:
>
....
> the core. "Fixing" the core can take decades. In the short and medium term
Fixing the edge has already proved fruitless in nearly a decade of
trying.
Given the proven fruitlessness of one approach vs the possibility of
frustration with another approach (whose underpinnings have now
increasingly been shown to have merit) which is preferable?
Well, let a thousand flowers bloom. I personally have no agenda to see
your favored attack on the problem marginalized.
Unfortunately I don't believe that feeling is reciprocal.
.....
FYI, I am open to both approaches and I had mentioned your issue before
(http://www1.ietf.org/mail-archive/working-groups/asrg/current/msg04570.html)
regarding zombie computers:
-----------snip-----------
Additionally the question of slave servers poses a tremendous problem not
just in regard to this issue, but in regard to all anti-spam solutions. In
theory if a computer has been taken over, what prevents the trojan/virus
from doing the following:
1. Emailing other users on the Internet directly.
2. Monitoring local SMTP traffic and finding out what SMTP server is used
by the user. Then using that SMTP server for sending spam. RMX/rDNS will
not help here since the email will come from a permitted IP range. SSL/TLS
will not help since the trojan can capture the password used.
3. Performing tracert from the infected computer to some other site and
trying to figure out the MTA for that domain for each domain listed in the
trace route, possibly even via RMX/rDNS or some other proposal, and then
using that MTA for spam.
4. Sending spam via [insert your method].
-----------snip-----------
Mike Rubel and I had a discussion then on how RMX with rate limits can help
to solve this problem, see
http://www1.ietf.org/mail-archive/working-groups/asrg/current/msg04594.html
and
http://www1.ietf.org/mail-archive/working-groups/asrg/current/msg04616.html.
In particular:
----snip----
I believe RMX and other RMX-like proposals will help in the slave server
case. The spammer can still use the slave to send spam, but if he wants to
send it using slave owner's identity, the messages must go out thru the
real outbound mail servers listed in the RMX records or they will be
rejected as forgeries.
Assume the outbound mail servers are well-secured relative to the slaves
(which are probably just desktop machines on home cable modems). The mail
server admins can use rate-limiters which detect attempts by a user to send
a lot of messages at once and react appropriately.
If the server admins are not careful and have not installed rate-limiters,
then the spam gets through and the domain loses trust (by which I mean
Bayesian spam filters become more likely to reject MAIL FROM: it). So the
admins have an incentive to be careful and install the limiters.
Mike
------snip--------
and an example of such a rate limit message:
-----------snip--------------
I was thinking along the lines of contacting the user with a message like this:
------------------------------------------------------------------------
Dear customer,
We apologize for this intrusion.
Our systems indicate that your computer attempted to send a large
number of emails over the last ten minutes. Because unusually
large volumes of outbound email sometimes indicate the presence of
a computer virus, we wanted to check with you before proceeding.
These and further emails will be placed in a temporary
quarantine while we await your instructions. We respect your
privacy, and will not read or otherwise disclose the messages
without your permission.
Please call (800) 123-4567 at your earliest convenience so that
we may process your request without further delay. We appreciate
your business and look forward to serving you again in the future.
--Your friendly email service providers
To change your notification settings, please go to:
https://www.exampleisp.com/my_account_settings/web_form.php
------------------------------------------------------------------------
A well-designed safety valve might be a feature worth advertising to
customers; it has perceived value and helps reduce spam. Think back to the
credit card analogy again--unusual behavior alerts are billed as something
of value to the customer, while at the same time reducing losses for the
company. Of course, the admins must be careful to avoid imposing, hence
"large number of emails" and time period will be different for each
user. They should be given reasonable default values, and the notification
limits could even be changed by the users themselves, as indicated by the
secure web link in the example above.
It is in this sense that I believe RMX (Danisch) and RMX-like proposals
(Vixie, Fecyk) have the ability to limit the spam effect of poorly-secured
desktop machines.
Mike
----snip----
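
Added example, not part of the original message or of any RMX proposal: a minimal sketch of the outbound "safety valve" discussed above, with a per-user sliding window over the last ten minutes, a quarantine that holds further mail until the customer responds, and user-adjustable limits. The class name, the default limit of 50 and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 600   # "the last ten minutes" in the sample notice
DEFAULT_LIMIT = 50     # assumed default; the thread gives no number


class OutboundLimiter:
    """Per-user sliding-window limiter with a quarantine safety valve."""

    def __init__(self, default_limit=DEFAULT_LIMIT, window=WINDOW_SECONDS):
        self.default_limit = default_limit
        self.window = window
        self.limits = {}                    # per-user overrides
        self.recent = defaultdict(deque)    # user -> timestamps of attempts
        self.held = defaultdict(list)       # user -> quarantined message ids
        self.notices = []                   # users who were sent the notice

    def set_limit(self, user, limit):
        """User-adjustable threshold (the web form in the sample notice)."""
        self.limits[user] = limit

    def submit(self, user, msg_id, now):
        """Return 'deliver' or 'quarantine' for one authenticated submission."""
        if user in self.held:               # valve already tripped: hold everything
            self.held[user].append(msg_id)
            return "quarantine"
        q = self.recent[user]
        while q and now - q[0] >= self.window:
            q.popleft()                     # drop attempts older than the window
        q.append(now)
        if len(q) > self.limits.get(user, self.default_limit):
            self.held[user].append(msg_id)  # first message over the limit
            self.notices.append(user)       # notify once, then await instructions
            return "quarantine"
        return "deliver"

    def release(self, user):
        """Customer confirmed the mail is legitimate: hand back held messages."""
        self.recent.pop(user, None)
        return self.held.pop(user, [])


def demo():
    # Constructed traffic: one account bursts 20 messages in 20 seconds,
    # another sends 4 messages spread over an hour.
    lim = OutboundLimiter(default_limit=5)
    zombie = [lim.submit("alice", f"m{i}", now=i) for i in range(20)]
    normal = [lim.submit("bob", f"b{i}", now=i * 900) for i in range(4)]
    return zombie.count("deliver"), len(lim.held["alice"]), normal, lim.notices
```

The limiter keys on the authenticated submitting user, so it covers the case where the trojan relays through the user's legitimate SMTP server; it bounds how much a compromised account can send before the notice goes out.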