ietf-asrg

RE: [Asrg] "worm spam" and SPF

2004-11-27 12:34:01
Nod. This moves the content filtration problem to a different 
place: on the outgoing servers. If the only way to send out spam 
is through drones, then all spammers will move to using drones. 
The conclusion that I draw from this is that content filtration 
techniques used on outbound mail would have to be of the same 
level of sophistication as inbound filtration today. 

cheers,
vipul

-----Original Message-----
From: asrg-bounces(_at_)ietf(_dot_)org on behalf of Seth Breidbart
Sent: Fri 11/26/2004 11:15 PM
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] "worm spam" and SPF
 
"Vipul Ved Prakash" <vipul(_at_)cloudmark(_dot_)com> wrote:

[some MIME cruft elided]

But consider the following scenario: A new worm comes out that uses
infected machine's designated servers to send out mail.  Say these
mail servers have a SPF or DK record and further they enjoy good
reputations on the various reputation services (since they mostly
send out good mail). The recipient machines do a SPF/DK check, it
passes, they look up the reputation, which checks out too, and
deliver the mail bypassing all content-based filtration
sub-systems. The recipient systems get infected.  The smarter
users start reporting the worm to reputation services, who in turn
punish the senders. After a while the senders' reputation drops so
much that they are unable to send out legit mail.

Therefore, an ISP (or other sender) that wishes to retain a good
reputation will set its outgoing mailservers to check for the latest
worms fairly soon after they're discovered, and throttle mail from any
particular sender so not too many worms get out before they're learned
about.

Seth

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
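
An added example, not part of either message in this thread: a sketch of the outbound control described above, where a per-sender throttle caps how many copies leave before a worm signature is learned and the held-back mail is purged once it is. The class name, the limits, and the use of an exact SHA-256 digest as the "signature" are assumptions made for illustration; a real outbound filter would use a proper scanner.

```python
import hashlib
from collections import defaultdict, deque

class OutboundGate:
    """Per-sender sliding-window throttle with a deferred queue that is
    re-checked whenever a new worm signature is learned (hypothetical)."""

    def __init__(self, max_msgs=5, window=60.0):
        self.max_msgs = max_msgs                # messages allowed per window
        self.window = window                    # window length in seconds
        self.sent_times = defaultdict(deque)    # sender -> recent send times
        self.deferred = []                      # (sender, body) held back
        self.signatures = set()                 # digests of known worms

    @staticmethod
    def digest(body: bytes) -> str:
        # Assumption: exact-content digest stands in for a scanner signature.
        return hashlib.sha256(body).hexdigest()

    def submit(self, sender: str, body: bytes, now: float) -> str:
        if self.digest(body) in self.signatures:
            return "blocked"                    # known worm never leaves
        times = self.sent_times[sender]
        while times and now - times[0] >= self.window:
            times.popleft()                     # drop sends outside the window
        if len(times) >= self.max_msgs:
            self.deferred.append((sender, body))
            return "deferred"                   # over the rate: hold, don't send
        times.append(now)
        return "sent"

    def learn_signature(self, sig: str) -> int:
        """Record a new signature and purge matching held mail; return count."""
        self.signatures.add(sig)
        before = len(self.deferred)
        self.deferred = [(s, b) for s, b in self.deferred
                         if self.digest(b) != sig]
        return before - len(self.deferred)

def simulate():
    """Constructed scenario: one infected sender emits 40 copies in 40 s."""
    gate = OutboundGate(max_msgs=5, window=60.0)
    worm = b"constructed sample worm payload"
    results = [gate.submit("drone@example.net", worm, now=float(i))
               for i in range(40)]
    escaped = results.count("sent")
    purged = gate.learn_signature(OutboundGate.digest(worm))
    after = gate.submit("drone@example.net", worm, now=41.0)
    return escaped, purged, after
```

In the constructed run, 5 of the 40 copies leave the server, the other 35 are purged from the hold queue when the signature arrives, and later copies are blocked outright.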