
Re: [Asrg] Usefulness of wholesale blocking of attachments for SMTP?

2004-04-13 07:26:01
Jim Witte <jswitte(_at_)bloomington(_dot_)in(_dot_)us> wrote:
   A mail-server I use regularly (Indiana University) has, in 
response to worms and other malware using .pif, zip, exe, etc 
attachments to spread their damage, taken the (IMO) rather drastic 
step of blocking almost *all* attachments ...

  Coincidentally, another list I'm on had a post from the admin of a
local university, talking about spam.  Here's what he said.

(quote)
   I don't support any Windows systems, yet I seem to spend a huge amount
of time dealing with problems relating to Windows non-security.  During the
fall/winter term we had to deal with

   1) When students returned to Residence in September, at least half of
      their machines were infected.
   2) Anemic Internet connectivity because our commercial traffic shaper
      would go bonkers trying to maintain state on connections initiated by
      network virus infected machines.
   3) Overloaded Internet pipe due to coordinated DOS attack from trojan
      infected machines.  It's amazing how much traffic an infected, recent
      model Intel machine with a switched 100Mbps connection can generate!
   4) Infected Windows machines are now a major source of spam.  After
      doubling the performance of our mail server in August we were
      astonished to find only a few months later that it was being pounded
      into the ground by the growing stream of spam related mail.
   5) Spammers frequently use bogus @UNIVERSITY addresses on their mail
      and so all undeliverable messages are bounced to us.  We are typically
      receiving over 1 million such bounce messages every day!  Since the
      spam mail that is the source of this problem originates from thousands
      of infected machines there is no solution other than to throw more
      hardware at it.
   6) When my desktop Windows machine at work was upgraded to Windows XP
      the machine was infected before the installation was finished.  It
      took four full virus scans and three reboots before it was clean.
(end quote)

  See #5.  The deployment of RMX/SPF would make a huge difference to
this site.  The bounce messages from forged spam could be
automatically scanned and discarded.

  This situation is not unique.  Spam (and insecure Windows machines)
constitute a clear and present danger to the net.  I'm saddened to see
my prediction of 3 years ago fulfilled: Everyone else's email systems
will end up looking like mine; overloaded and useless due to the
overwhelming flood of spam.

  Alan Dekok.
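
One way the bounce scanning suggested in the message above could work, as an added example that is not part of the original post or any poster's code: the site applies its own SPF record to the client address recorded in the top-most Received line of the returned headers. The SPF record, addresses, host names and sample bounce are constructed, and only ip4:/ip6: mechanisms are handled.

```python
import email
import ipaddress
import re
from email import policy

# Constructed SPF record for the site's own domain (documentation address ranges).
SITE_SPF = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
# Constructed bounce; {ip} is the client address the bouncing server recorded.
SAMPLE = """From: MAILER-DAEMON@mx.example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="b"

--b
Content-Type: text/plain

User unknown.
--b
Content-Type: text/rfc822-headers

Received: from mail (unknown [{ip}]) by mx.example.net; Tue, 13 Apr 2004 07:00:00 -0400
Received: from university.example ([192.0.2.10]) by mail; Tue, 13 Apr 2004 06:59:00 -0400
From: student@university.example
--b--
"""

def spf_networks(record):
    """Networks named by ip4:/ip6: mechanisms (other mechanisms are ignored here)."""
    found = re.findall(r"(?:^|\s)\+?ip[46]:(\S+)", record, re.I)
    return [ipaddress.ip_network(n, strict=False) for n in found]

def original_headers(bounce):
    """Find the returned message, or just its headers, inside a bounce report."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload(), policy=policy.default)
    return None

def classify_bounce(raw, record=SITE_SPF):
    """'keep' if the bounced mail left one of our servers, 'discard' if it was forged."""
    orig = original_headers(email.message_from_string(raw, policy=policy.default))
    received = orig.get_all("Received") if orig is not None else None
    # Only the top-most Received line was written by the bouncing server; lower ones may be forged.
    m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", str(received[0]) if received else "")
    try:
        client = ipaddress.ip_address(m.group(1) if m else "")
    except ValueError:
        return "keep"  # no usable client address: fail open rather than lose a real bounce
    return "keep" if any(client in net for net in spf_networks(record)) else "discard"
```

Calling `classify_bounce(SAMPLE.format(ip="203.0.113.7"))` shows the forged case: the lower Received line claims a university address, but the address the bouncing server actually saw is outside the record.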
