ietf-asrg

[Asrg] 2a. BCP on dealing with hijacked machines

2004-02-28 21:23:09
The message below is from the SMTP-VERIFY subgroup. Would it be useful to document this procedure? Can anyone provide data on the effectiveness of this technique?

Yakov

-------- Original Message --------
Date: Sat, 28 Feb 2004 20:25:22 -0800 (PST)
From: William Leibzon <william(_at_)completewhois(_dot_)com>
CC: smtp-verify(_at_)asrg(_dot_)sp(_dot_)am

On 29 Feb 2004, John Levine wrote:

> ISPs that care have been dealing with this all along.  You count the
> messages from each host, and if you see a big spike, you either
> suspend the account or confine the host to a web jail that tells them
> to disinfect their computer and call in to get out of jail after they
> do.  The jail's like the one you're in when you connect to a hotel
> network and haven't agreed to pay the ten bucks yet.  The mail spikes
> are not subtle.  Hosts that normally send five messages a day start
> sending blasts of thousands.

The above "jail" system is not as widely used. More common is simply
redirection of port 25 to the main ISP mail server relay and calculating how
much traffic is coming from a specific user/port.

> This is not a research topic, since ISPs
> do this in production now and the techniques are well known.

That a particular anti-spam technique is done in production does not mean
it should not be an issue for ASRG. ASRG should still research how
effective the technique is both currently and towards the future and
compare it to any other proposals that are being made.

Additionally, since this has not been documented by IETF, it may be a good
idea to work towards a BCP document for mail setup for ISPs that service
dial/dsl/cable customers. It does not mean that ISPs will necessarily
follow it, but it might still improve the situation with availability of
hijacked PCs.





_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
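
The per-host counting described in the message above, sketched as an added example that is not part of the original posts or any ISP's actual system: it compares each customer host's volume today with the median of its own earlier days. The thresholds, the function name `find_spikes` and the sample counts (documentation IP addresses) are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (day, customer host, messages relayed that day), as an
# ISP relay might aggregate from its SMTP logs. Not real data.
SAMPLE_COUNTS = [
    ("2004-02-25", "192.0.2.10", 4), ("2004-02-26", "192.0.2.10", 6),
    ("2004-02-27", "192.0.2.10", 5), ("2004-02-28", "192.0.2.10", 3200),
    ("2004-02-25", "192.0.2.20", 300), ("2004-02-26", "192.0.2.20", 280),
    ("2004-02-27", "192.0.2.20", 320), ("2004-02-28", "192.0.2.20", 450),
    ("2004-02-28", "192.0.2.30", 40),      # new host, modest volume
    ("2004-02-28", "198.51.100.7", 2500),  # new host, blast on first day
]

MIN_ALERT = 500        # assumed floor: never flag a host below this volume
SPIKE_FACTOR = 50      # assumed multiplier over the host's own baseline
NEW_HOST_BASELINE = 5  # assumed baseline for a host with no history

def find_spikes(counts, today):
    """Return {host: (baseline, today_count)} for hosts whose volume on
    `today` far exceeds the median of their earlier daily counts."""
    history = defaultdict(list)
    current = defaultdict(int)
    for day, host, n in counts:
        if day == today:
            current[host] += n
        elif day < today:            # ISO dates compare correctly as strings
            history[host].append(n)
    flagged = {}
    for host, n in current.items():
        # Median resists a single earlier busy day inflating the baseline.
        baseline = median(history[host]) if history[host] else NEW_HOST_BASELINE
        threshold = max(MIN_ALERT, SPIKE_FACTOR * max(baseline, 1))
        if n >= threshold:
            flagged[host] = (baseline, n)
    return flagged

if __name__ == "__main__":
    for host, (base, n) in sorted(find_spikes(SAMPLE_COUNTS, "2004-02-28").items()):
        print(f"{host}: {n} msgs today vs baseline {base} -> suspend or jail")
```

A steady higher-volume sender such as 192.0.2.20 is not flagged because its threshold scales with its own history, while the absolute floor keeps low-volume hosts from tripping the multiplier on ordinary variation.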



  • [Asrg] 2a. BCP on dealing with hijacked machines, Yakov Shafranovich <=