Violently snipped; see interleaved comments
On Sun, 18 Apr 2004 10:49:02 -0500, gep2(_at_)terabites(_dot_)com wrote:
I'm going to combine my comments regarding several related posts on this
thread.
snip
Once you identify the "real" machine where the transmission occurred, more
likely than not it will turn out to be a zombie-infected spambot. So you get
to
throw bricks at a fellow victim.
No, not a fellow victim; a negligent abuse-enabler
snip
Perhaps it is, although it's hard to define "a bulk email event".
This discussion on-point
Rather than making mail filters poll a central site (these have in the past
been
victimized by DDOS attacks), maybe one approach here might be to set up a
Yahoogroup that could be used to rapidly distribute these "disreputable domain
names" and IP addresses along with a utility which would add them to the
recipients' HOSTS files (and from there, to their incoming mail filters).
Just today, I was at a friends office and my outgoing email was blocked
because cliff.concentric.net is now on a spam list.
Yes, and that's one of the problems with SPF, "authenticated users",
certificates and other such schemes. Ultimately it's not very helpful to
throw
rocks at fellow victims.
[snip]
I mail-server I use regularly (Indiana University) has taken, in
response to worms and other malware useing .pif. zip, exe, etc
attachments to spread their damage, has taken the (IMO) rather drastic
step of blocking almost *all* attachments ...
That's sort of the approach of Microsoft's new version of Outlook, where they
allow blocking by attachment extension. That's better than nothing, but it
needs to be SOMEWHAT finer: it needs to allow the recipient to enable
specific
attachment types (and certain classes of HTML markup) to be received from
specific approved-and-trusted senders.
Coincidentally, another list I'm on had a post from the admin of a
local university, talking about spam. Here's what he said.
(quote)
I don't support any Windows systems, yet I seem to spend a huge amount
of time dealing with problems relating to Windows non-security. During the
fall/winter term we had to deal with
1) When students returned to Residence in September, at least half of
their machines were infected.
One of my colleagues recently dealt with a client whose system was "having
assorted problems". Upon installing Spybot-Search-and-Destroy over TWO
HUNDRED
instances of spyware were found on the unwitting user's computer. There were
additional Spyware programs that SPYBOT S&D did NOT find, besides.
You have to use Bazooka and Adaware besides.>One of the things that has been
SINGULARLY unhelpful toward addressing the
problem of overloaded mail servers is this plague of HTML-burdened
"alternative"
copies of E-mail messages. It is rare indeed that these provide genuinely
valuable additional content; instead they usually are loaded with gratuitous
graphic gizmos, Web bugs, possibly malicious scripting, misrepresented
clickable
links, and text-as-image designed to evade content filters. While I'll accept
that some folks can argue that their needs for HTML-burdened E-mail is
legitimate, certainly a lot of it is not. Mail with HTML-burdened attachments
is typically 3x-5x larger than it would be as plain ASCII text.
If HTML-burdened attachments were removed from non-whitelisted senders' E-mail
(and this would catch at least most of today's spam) then such mail would be
70-85% smaller in volume than it is today.
This is all documented. It needs to be a new standard. Feel free to
point offenders to <http://www.camblab.com/nugget/htmlmail.pdf>
(or send it to them)
I don't want to see any solutions that result in some "authority" deciding
what
one can and cannot send.
Right, only community consensus should be applied. It is doable.
The whole discussion needs to be recast from "make the victims pay by
coming up with solutions (filtering etc)" to "make the offenders pay".
The only way to do that is to refuse mail from spam-enablers. It fixes
the problem immediately. Again: <http://www.camblab.com/misc/univ_std.txt).
Spam would stop worldwide within DAYS if most of us, instead of whining
and coming up with impractical technical or legal 'solutions', would
agree to do on the Internet what society does in every other field
of human activity: ensure that actions have consequences. It is THAT
SIMPLE. (Any parent knows.)
Jeffrey Race
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg