
Re: [Asrg] Re: 6. Proposals: MTA MARK

2003-12-10 05:52:36
Yakov Shafranovich wrote:
----- Original Message ----- 
From: "Yakov Shafranovich" <research(_at_)solidmatrix(_dot_)com>
To: "Tomi Panula-Ontto" <tomi(_at_)panula-ont(_dot_)to>
Cc: <asrg(_at_)ietf(_dot_)org>
Sent: Tuesday, December 09, 2003 10:03 PM
Subject: Re: [Asrg] Re: 6. Proposals: MTA MARK


Tomi Panula-Ontto wrote:
[..]
I don't know how spammers operate, but they really seem quite
professional at it, since whenever I have added new RBL
sources to my blacklisting MTA the amount of spam is reduced
only for a few days or perhaps weeks. Pretty soon, they are able
to reroute the whole damn thing and we are back on the same level
we started from.

And they are doing the very same thing in message headers,
the message itself. They are trying to keep ahead of the spam
prevention and they're really doing a pretty good job there.
They get their living out of it.

Do you really think they would not do it for LMAP? Or any
other means? Of course they will. As long as they can.
If there are easy, and relatively cheap ways to circumvent
a problem, then they'll do it.


If spam can be looked at as a disease, then RBLs are treating the
symptoms by listing IPs that are likely to abuse the network. LMAP, MTA
MARK and related proposals are more geared towards treating the causes
of the disease by addressing some of the architectural issues on the
Internet that allow spam to proliferate. For example, spammers are free
to forge the MAIL FROM address with any domain in place. LMAP addresses
this forgery issue by forcing spammers to use their own domains. MTA MARK
addresses the issue of hijacked computers being used for sending spam.

True, but actually, MTAMark and ReverseMX don't address the issue of
hijacked computers completely. It merely changes the situation so that
the hijacked computer will not take direct connections to the receiving
MTAs, but instead spammers must try
a) to make the hijacked computers send messages via the registered MTA for that
network
b) hijack the dns server (to register that hijacked computer)
c) hijack the registered MTA
d) any ideas?

Anyway, it'll limit their possibilities and will target their efforts
on compromising the MTAs, workstations and DNS servers.

All of these simply reduce the freedom that spammers currently have to
do their deeds. With that freedom reduced spammers will be left with
less methods to be used, all of which would allow greater traceability.
Combined with proper law enforcement, cooperating ISPs, and registrars,
this can help reduce the problem by tracing spam to the real world.

One interesting point.. since spammers are knowledgeable and follow
their time - they are probably reading this list, too. Either the archived
version or the subscribed one. I wonder if any of the subscribers or IP addresses
in the list archive weblog can be tracked to spammers...

I don't mean to offend anyone, I just wonder what kind of security
additions they would suggest.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
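The two mechanisms argued about in this thread can be made concrete with a small simulated receiving-MTA policy check. This is an added example, not code from the thread or from either proposal's authors. It runs over an in-memory "DNS" table: the MTA MARK owner-name layout (`_send._smtp._srv.` prefixed to the reverse-pointer name, TXT value "1" or "0") is written from memory of the draft and should be treated as an assumption, and the LMAP side is reduced to a plain "designated sender" table rather than any real record format. All addresses and domains are constructed (documentation ranges).

```python
"""Simulated receiving-MTA policy check combining an MTA MARK lookup on the
connecting IP with an LMAP-style designated-sender check on the MAIL FROM
domain.  Added example with constructed data; not from the thread."""
import ipaddress
from typing import Dict, Optional, Set, Tuple

# Constructed reverse-tree TXT records.  Label layout is an assumption of
# this example (recalled from the MTA MARK draft, not verified here).
FAKE_DNS_TXT: Dict[str, str] = {
    # 192.0.2.25: the network's registered outbound MTA -> marked "1"
    "_send._smtp._srv.25.2.0.192.in-addr.arpa.": "1",
    # 192.0.2.77: a workstation / dial-up address -> marked "0"
    "_send._smtp._srv.77.2.0.192.in-addr.arpa.": "0",
    # 198.51.100.9 belongs to a network that publishes no marker at all.
}

# Constructed "designated sender" data standing in for LMAP; the real
# proposals define their own record formats, which are not modelled here.
FAKE_DESIGNATED_SENDERS: Dict[str, Set[str]] = {
    "example.com": {"192.0.2.25"},
    "example.net": {"203.0.113.5"},
}


def mtamark_name(ip: str) -> str:
    """Owner name queried for an address, e.g. 192.0.2.25 ->
    _send._smtp._srv.25.2.0.192.in-addr.arpa. (IPv6 lands under ip6.arpa)."""
    return "_send._smtp._srv." + ipaddress.ip_address(ip).reverse_pointer + "."


def mtamark_lookup(ip: str, dns: Dict[str, str]) -> Optional[bool]:
    """True if the block owner marks the IP as an MTA, False if marked as
    not-an-MTA, None if the network publishes nothing (no opinion)."""
    value = dns.get(mtamark_name(ip))
    if value is None:
        return None
    return value.strip() == "1"


def lmap_check(ip: str, mail_from: str, table: Dict[str, Set[str]]) -> Optional[bool]:
    """True/False if the MAIL FROM domain publishes a sender list, None if it
    does not (or for the null sender used by bounces)."""
    if "@" not in mail_from:
        return None
    domain = mail_from.rsplit("@", 1)[1].strip("<>").lower()
    senders = table.get(domain)
    if senders is None:
        return None
    return ip in senders


def evaluate_connection(ip: str, mail_from: str,
                        dns: Dict[str, str] = FAKE_DNS_TXT,
                        senders: Dict[str, Set[str]] = FAKE_DESIGNATED_SENDERS
                        ) -> Tuple[str, str]:
    """Return (verdict, reason).  MTA MARK is consulted first because it
    needs only the connecting IP and is cheapest to evaluate; absence of
    both kinds of policy is reported so other filters can take over."""
    mark = mtamark_lookup(ip, dns)
    if mark is False:
        return "reject", "source address is marked as not an MTA"
    designated = lmap_check(ip, mail_from, senders)
    if designated is False:
        return "reject", "source is not a designated sender for the MAIL FROM domain"
    if mark is None and designated is None:
        return "accept", "no policy published for source or domain"
    return "accept", "policy checks passed"


if __name__ == "__main__":
    cases = [
        ("192.0.2.77", "someone@example.com"),   # hijacked workstation, direct
        ("192.0.2.25", "someone@example.com"),   # registered MTA, own domain
        ("192.0.2.25", "forged@example.net"),    # registered MTA, forged domain
        ("198.51.100.9", "x@nowhere.invalid"),   # nothing published anywhere
    ]
    for ip, sender in cases:
        print(ip, sender, "->", evaluate_connection(ip, sender))
```

The last scenario in the block is the one Tomi's reply points at: a hijacked 192.0.2.x workstation that relays through the network's registered MTA at 192.0.2.25 passes both checks, because neither mechanism looks past the connecting IP. What changes is traceability, since the traffic now has to appear in that ISP's MTA logs.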