Chris said...
At least one benefit of a pull system is that the sender can't be dummied
even by a trojan. it may take over the the resources but incoming bounces
"message denied" etc.. will make it abundantly clear to the user that his
machine has been trojaned.
and Chris responded
A smart trojan of course would handle incoming mail and dispose of the
telltale signs.
And this is an example of how we fight a losing battle....
Not that I say give up. heck no.
but the solution is not ours alone
all areas of the internet must be tightened to minimise the impact of such
attacks.
Most (not all) spammers are laymen, they rely on other peoples software to
do the job for them.
If anyone think spammers will move en masse to trojan systems to continue
their habit I believe they are sadly mistaken.
They spam currently because they can. but if it means becoming technically
savy, and deliberately hacking into other peoples machines. I doubt many
will follow this path.
And how many trojan writers will advertise their wares on a commercial
basis?
Some I am sure. but not enough to return the Internet to the bad old days
err... today!
Regards
Chris
-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org
[mailto:asrg-admin(_at_)ietf(_dot_)org]On Behalf Of Chris
Sent: Monday, December 01, 2003 10:41 AM
To: Dag Kihlman; asrg(_at_)ietf(_dot_)org
Subject: RE: [Asrg] Re: 6. Proposals - Pull System (revisited)
If I want to install a pull server I ought to subscribe to a static IP
address and pay some fee for having the ports opened. (The market will
make
this fee reasonable)
You would have to enact a law that states fees must be charged.
That would only be valid in the country where the law is enforced.
no ISP is going to start charging for a service he now provides
essentially
free. not if he wants to stay in business.
and where does this fee get applied ?
the ISP. his provider?, backbone providers?
I could see this fee very quickly concentrating into a few hands, and then
we have a monopolisation occuring.
how would it be charged ?
per port?, per email?
Pull systems do not change this behaviour. See recent spammer
behaviour of hosting web sites on trojaned machines. They could just
as easily host mail for a "pull" system on the trojaned machine.
Trojaned machines are a major setback to any anti spam e-mail system.
regardless of type because they run with the parent machines permissions.
I have personally been IP blacklisted because my mail system was
on the same
shared machine as a vulnerable formmail script
(exactly the same effect as a trojan)
This problem is not confined to owners of windows desktop machines. ISP's
have it as well no matter what they run.
I don't see how any technical sender verification system can
overcome this.
please feel free to enlighten me if one comes to mind.
(most I can think of would rely on forcing the ISP to play our way not
theirs)
A big legal stick may force ISP's to be more careful about allowing users
access to formmail etc. or smtp but thats not a technological
solution, and
again only applicable where the law is enforced.
At least one benefit of a pull system is that the sender can't be dummied
even by a trojan. it may take over the the resources but incoming bounces
"message denied" etc.. will make it abundantly clear to the user that his
machine has been trojaned.
as it stands a trojan can take over a machine quietly send out e-mails,
return address them to no-one or some other joe and no one is the
wiser. not
even the user unless his resource are exhausted by the trojan.
Regards
Chris
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg