ietf-asrg

RE: [Asrg] "worm spam" and SPF

2004-11-27 22:38:47
The worm attack on authentication schemes is a particularly bad one. I have
recently joined the list, so I apologize if this has been discussed previously.
But consider the following scenario: A new worm comes out that uses infected
machines' designated servers to send out mail. Say these mail servers have an
SPF or DK record and further they enjoy good reputations on the various
reputation services (since they mostly send out good mail). The recipient
machines do an SPF/DK check, it passes, they look up the reputation, which
checks out too, and deliver the mail bypassing all content-based filtration
sub-systems. The recipient systems get infected. The smarter users start
reporting the worm to reputation services, who in turn punish the senders.
After a while the senders' reputation drops so much that they are unable to
send out legit mail.

Bingo.

I've been arguing PRECISELY this point for several years, and Wong (et al)
still forge blindly ahead with SPF and other such equally braindead
authentication/DNS-based schemes.

This is a bit of an extreme scenario, but a plausible one. Once it happens,
spammers will adopt it and change the payload (worm + spam).

Right, and they can do that literally overnight.  SPF and other such schemes
SIMPLY DO NOT WORK because they DO NOT SOLVE THE PROBLEM.  They only force
worms to use "real" return addresses and "approved" servers, but that
accomplishes very, very little.

Meanwhile, the fine-grained permissions-list solutions which WOULD prove 
effective and constitute a MAJOR clampdown on viruses/worms/spam get largely 
ignored.

Go figure.


Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support free and fair US elections!  http://stickers.defend-democracy.org
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
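
The scenario discussed in this message, as a toy model of a receiving filter. This is an added example, not part of the original post; the domain, the 0-100 reputation scale, the threshold and the penalty are all constructed assumptions. It compares a policy that lets authenticated, reputable mail skip content scanning with one that always scans.

```python
from dataclasses import dataclass

@dataclass
class Msg:
    sender_domain: str
    spf_pass: bool   # result of the SPF/DK check, assumed already computed
    has_worm: bool   # stands in for what a content scanner would detect

BLOCK_BELOW = 50     # assumed: senders below this reputation are rejected
REPORT_PENALTY = 10  # assumed: reputation cost of one user report

def decide(msg, reputation, always_scan):
    """Return 'reject', 'quarantine' or 'deliver' for one message."""
    rep = reputation.get(msg.sender_domain, 50)
    if not msg.spf_pass or rep < BLOCK_BELOW:
        return "reject"
    # With always_scan=False, authenticated and reputable mail bypasses the
    # content scanner entirely, which is the weak policy in the scenario.
    if always_scan and msg.has_worm:
        return "quarantine"
    return "deliver"

def simulate(always_scan, rounds=6):
    """Each round the authorised server relays one worm copy and one
    legitimate message; a delivered worm triggers one user report."""
    reputation = {"example.org": 90}  # constructed sender with good standing
    log = []
    for _ in range(rounds):
        worm = decide(Msg("example.org", True, True), reputation, always_scan)
        legit = decide(Msg("example.org", True, False), reputation, always_scan)
        if worm == "deliver":
            reputation["example.org"] -= REPORT_PENALTY
        log.append((worm, legit))
    return log, reputation["example.org"]

if __name__ == "__main__":
    for policy in (False, True):
        log, rep = simulate(always_scan=policy)
        print(f"always_scan={policy}: final reputation {rep}")
        for worm, legit in log:
            print(f"  worm={worm:<10} legit={legit}")
```

With the bypass policy the worm is delivered until the sender's reputation falls below the threshold, after which its legitimate mail is rejected too; with scanning always on, the worm is quarantined and the sender's reputation is untouched.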




