
RE: [Asrg] Re: Usefulness of wholesale blocking of attachments for SMTP? (Lane Sharman et al)

2004-04-19 21:33:39
Once you identify the "real" machine where the transmission occurred, more
likely than not it will turn out to be a zombie-infected spambot.  So you get
to throw bricks at a fellow victim.

No, not a fellow victim; a negligent abuse-enabler


No, not "a negligent abuse-enabler".

Simply a user of Microsoft Windows.

But don't be fooled: if M$ fixes their game, nix derivatives will fall foul
of such problems. Spammers and hackers always take the path of least
resistance, which is currently Windows.


Regards
Chris




-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org] On Behalf Of Dr. Jeffrey Race
Sent: Monday, 19 April 2004 4:25 AM
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] Re: Usefulness of wholesale blocking of attachments for SMTP? (Lane Sharman et al)


Violently snipped; see interleaved comments

On Sun, 18 Apr 2004 10:49:02 -0500, gep2(_at_)terabites(_dot_)com wrote:
I'm going to combine my comments regarding several related posts on this
thread.
snip
Once you identify the "real" machine where the transmission occurred, more
likely than not it will turn out to be a zombie-infected spambot.  So you get
to throw bricks at a fellow victim.

No, not a fellow victim; a negligent abuse-enabler



snip
Perhaps it is, although it's hard to define "a bulk email event".

This discussion on-point


Rather than making mail filters poll a central site (these have in the past
been victimized by DDOS attacks), maybe one approach here might be to set up a
Yahoogroup that could be used to rapidly distribute these "disreputable domain
names" and IP addresses along with a utility which would add them to the
recipients' HOSTS files (and from there, to their incoming mail filters).

Just today, I was at a friend's office and my outgoing email was blocked
because cliff.concentric.net is now on a spam list.

Yes, and that's one of the problems with SPF, "authenticated users",
certificates and other such schemes.  Ultimately it's not very helpful to
throw rocks at fellow victims.

[snip]

A mail-server I use regularly (Indiana University) has, in response to worms
and other malware using .pif, zip, exe, etc. attachments to spread their
damage, taken the (IMO) rather drastic step of blocking almost *all*
attachments ...

That's sort of the approach of Microsoft's new version of Outlook, where they
allow blocking by attachment extension.  That's better than nothing, but it
needs to be SOMEWHAT finer:  it needs to allow the recipient to enable specific
attachment types (and certain classes of HTML markup) to be received from
specific approved-and-trusted senders.

Coincidentally, another list I'm on had a post from the admin of a
local university, talking about spam.  Here's what he said.

(quote)
I don't support any Windows systems, yet I seem to spend a huge amount
of time dealing with problems relating to Windows non-security.  During the
fall/winter term we had to deal with

  1) When students returned to Residence in September, at least half of
     their machines were infected.

One of my colleagues recently dealt with a client whose system was "having
assorted problems".  Upon installing Spybot-Search-and-Destroy over TWO HUNDRED
instances of spyware were found on the unwitting user's computer.  There were
additional Spyware programs that SPYBOT S&D did NOT find, besides.

You have to use Bazooka and Adaware besides.

One of the things that has been SINGULARLY unhelpful toward addressing the
problem of overloaded mail servers is this plague of HTML-burdened
"alternative" copies of E-mail messages.  It is rare indeed that these provide
genuinely valuable additional content;  instead they usually are loaded with
gratuitous graphic gizmos, Web bugs, possibly malicious scripting,
misrepresented clickable links, and text-as-image designed to evade content
filters.  While I'll accept that some folks can argue that their needs for
HTML-burdened E-mail are legitimate, certainly a lot of it is not.  Mail with
HTML-burdened attachments is typically 3x-5x larger than it would be as plain
ASCII text.

If HTML-burdened attachments were removed from non-whitelisted senders' E-mail
(and this would catch at least most of today's spam) then such mail would be
70-85% smaller in volume than it is today.

This is all documented.  It needs to be a new standard.  Feel free to
point offenders to <http://www.camblab.com/nugget/htmlmail.pdf>
(or send it to them)



I don't want to see any solutions that result in some "authority" deciding
what one can and cannot send.

Right, only community consensus should be applied.   It is doable.

The whole discussion needs to be recast from "make the victims pay by
coming up with solutions (filtering etc)" to "make the offenders pay".
The only way to do that is to refuse mail from spam-enablers.  It fixes
the problem immediately.  Again:
<http://www.camblab.com/misc/univ_std.txt>.

Spam would stop worldwide within DAYS if most of us, instead of whining
and coming up with impractical technical or legal 'solutions', would
agree to do on the Internet what society does in every other field
of human activity: ensure that actions have consequences.  It is THAT
SIMPLE.  (Any parent knows.)

Jeffrey Race


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
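
The per-sender filtering proposed in the thread above (attachment types and HTML parts accepted only from approved senders, stripped from everyone else) can be sketched as follows. This is an added example, not code from any of the posters; the TRUSTED table, the addresses and the function names are hypothetical.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical recipient policy: sender -> HTML allowed?, attachment extensions allowed.
# Anyone not listed gets the default: no HTML parts, no attachments.
TRUSTED = {"colleague@example.org": {"html": True, "ext": {".pdf", ".zip"}}}
DEFAULT = {"html": False, "ext": set()}

def filter_message(raw, trusted=TRUSTED):
    """Return (message, removed) after dropping parts the sender may not deliver."""
    msg = message_from_bytes(raw, policy=policy.default)
    # The From header is forgeable; a real filter would key on an authenticated identity.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    removed = []
    _prune(msg, trusted.get(sender, DEFAULT), removed)
    return msg, removed

def _prune(part, allow, removed):
    if not part.is_multipart():
        return  # a single-part message is left as it is
    kept = []
    for sub in part.get_payload():
        name = sub.get_filename()
        if name is not None:
            # Judge by the final extension, so "notes.pdf.exe" counts as .exe.
            if os.path.splitext(name)[1].lower() not in allow["ext"]:
                removed.append(name)
                continue
        elif sub.get_content_type() == "text/html" and not allow["html"]:
            removed.append("text/html")
            continue
        _prune(sub, allow, removed)
        kept.append(sub)
    part.set_payload(kept)

def sample(sender, filename):
    """Constructed test message: plain text, HTML alternative, one attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "me@example.net", "quarterly report"
    m.set_content("Report attached.")
    m.add_alternative("<html><body><b>Report</b> attached.</body></html>", subtype="html")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for who, f in [("stranger@example.com", "report.pif"), ("colleague@example.org", "report.pdf")]:
        print(who, "->", filter_message(sample(who, f))[1])
```
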

