Hi Alan:
A couple of years ago, the writing was on the wall about the writing on
the net was clear.
Currently, I offer a POP and SMTP solution. The latter is a good
heat-shield for an SMTP server. Basically, the smtp server instead of a
port firewall value of 25/* is now 25/{single class c}. The problem has
become so large that we have to maintain approximately 1000 servers to
protect our clients.
What interests me is point of origin detection, identification and
blocking. In other words, what addition to the SMTP protocol would make
it possible to identify, for example, "unstamped email being sent out in
bulk mode". Statistically, isn't it possible to identify an instance of
a bulk email event on the net?
Anyway, I am doing my share to block spam as close to the point of
origin as possible but I am still not happy. Just today, I was at a
friend's office and my outgoing email was blocked because
cliff.concentric.net is now on a spam list.
Lane Sharman
Alan DeKok wrote:
Jim Witte <jswitte(_at_)bloomington(_dot_)in(_dot_)us> wrote:
A mail-server I use regularly (Indiana University) has taken, in
response to worms and other malware using .pif, zip, exe, etc.
attachments to spread their damage, the (IMO) rather drastic
step of blocking almost *all* attachments ...
Coincidentally, another list I'm on had a post from the admin of a
local university, talking about spam. Here's what he said.
(quote)
I don't support any Windows systems, yet I seem to spend a huge amount
of time dealing with problems relating to Windows non-security. During the
fall/winter term we had to deal with
1) When students returned to Residence in September, at least half of
their machines were infected.
2) Anemic Internet connectivity because our commercial traffic shaper
would go bonkers trying to maintain state on connections initiated by
network virus infected machines.
3) Overloaded Internet pipe due to coordinated DOS attack from trojan
infected machines. It's amazing how much traffic an infected, recent
model Intel machine with a switched 100Mbps connection can generate!
4) Infected Windows machines are now a major source of spam. After
doubling the performance of our mail server in August we were
astonished to find only a few months later that it was being pounded
into the ground by the growing stream of spam related mail.
5) Spammers frequently use bogus @UNIVERSITY addresses on their mail
and so all undeliverable messages are bounced to us. We are typically
receiving over 1 million such bounce messages every day! Since the
spam mail that is the source of this problem originates from thousands
of infected machines there is no solution other than to throw more
hardware at it.
6) When my desktop Windows machine at work was upgraded to Windows XP
the machine was infected before the installation was finished. It
took four full virus scans and three reboots before it was clean.
(end quote)
See #5. The deployment of RMX/SPF would make a huge difference to
this site. The bounce messages from forged spam could be
automatically scanned and discarded.
This situation is not unique. Spam (and insecure Windows machines)
constitute a clear and present danger to the net. I'm saddened to see
my prediction of 3 years ago fulfilled: Everyone else's email systems
will end up looking like mine; overloaded and useless due to the
overwhelming flood of spam.
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
--
Lane Sharman
Providing Private and SPAM-Free Email
http://www.opendoors.com
858-755-2868
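
The question above about statistically identifying a bulk email event near its point of origin can be approximated at an outbound relay with a per-source sliding window. The following is an added example, not part of the original thread: the log format, the thresholds and the name find_bulk_sources are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BASE = datetime(2004, 3, 1, 9, 0, 0)

def _sample():
    # Constructed outbound relay log (hypothetical format):
    # ISO timestamp, client IP, envelope sender, envelope recipient.
    lines = []
    for i in range(5):    # ordinary desktop: 5 messages spread over 48 minutes
        t = BASE + timedelta(minutes=12 * i)
        lines.append(f"{t.isoformat()} 10.0.0.5 alice@example.edu user{i}@example.org")
    for i in range(40):   # infected host: 40 messages to 40 domains in 80 seconds
        t = BASE + timedelta(seconds=2 * i)
        lines.append(f"{t.isoformat()} 10.0.0.77 x{i}@example.edu rcpt@d{i}.example.net")
    return sorted(lines)  # ISO timestamps sort chronologically

SAMPLE_LOG = _sample()

def find_bulk_sources(lines, window=timedelta(minutes=5), max_msgs=30, max_domains=20):
    """Return {ip: time at which ip first exceeded both thresholds}.

    A source is flagged only when it sends many messages AND spreads them
    over many recipient domains inside one window, so a busy sender that
    talks to a single domain is not reported. Input must be in time order.
    """
    recent = defaultdict(deque)  # ip -> (time, recipient domain) pairs still in window
    flagged = {}
    for line in lines:
        ts, ip, _sender, rcpt = line.split()
        t = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append((t, rcpt.rsplit("@", 1)[1].lower()))
        while t - q[0][0] > window:   # expire entries older than the window
            q.popleft()
        domains = {d for _, d in q}
        if ip not in flagged and len(q) > max_msgs and len(domains) > max_domains:
            flagged[ip] = t
    return flagged

if __name__ == "__main__":
    for ip, when in find_bulk_sources(SAMPLE_LOG).items():
        print(f"bulk-send pattern from {ip} first seen at {when.isoformat()}")
```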