ietf-asrg

[Asrg] Re: IBM invents return to sender

2005-03-23 16:54:54
Barry Shein said

Ok, to be fair, I'm now studying their docs:

     http://www.alphaworks.ibm.com/tech/fairuce

I agree that C/R methods can be used for DOS and spammers can use them to
determine valid e-mail addresses.

That said, the fact that this is coming from IBM's alphaworks shop says that
a) You have access to the source code, and
b) the ability to comment to IBM about what you've seen, and
c) the documentation enabling you to understand what the source code does.

A bit of IBM alphaworks stuff has made it into the mainstream (see Eclipse
for an example).  When I was an OS/2 fanatic, I spent a lot of time at the
alphaworks site looking at what IBM was doing with OS/2; I could draw
hints from this with regard to how to code my own applications.

For example in the current case, if you strip out the C/R component, could
the remainder be turned to some use?

Reversion of topic:  The author of FairUCE is making some simplistic
assumptions about the nature of e-mail; for example, they send back a
challenge to the machine connecting to the recipient's e-mail server. 
That assumes that any MTA emitting outbound mail is prepared to accept
inbound mail.  We all know that this is rarely the case, so the product
may well work with the current crop of viral spamservers.

However, a kernel of that idea might well be one way of deterring spamming;
allow only those machines listed in MX records for the domain to be e-mail
emitters for that domain.  That means that, for a spammer to use a machine
to emit e-mail for a domain, they must own the domain and a dns server
prepared to name the machine via an MX record.  This introduces a level of
accountability now missing -- one can always interrogate the ICANN domain
records to determine the current owner of a domain. Thence, rbl's can be
built to incorporate both domains and IP addresses.  Unless the spammer
has one domain name per machine, you can kill many of his distributed
servers with one block entry if we force the spammers to use domain names.

Throw away domains:  assume that a spammer creates a domain and uses it
for exactly one "job".  If the RBL list resulting from such a spamflood is
based on domain name, all resources for that job can be temporarily
blocked based on a domain name entry rather than a large list of IP
entries.  Since domain names have expiration dates, aging of such lists
could occur in a natural way.

I haven't thought this through completely, but it seems that enforcing an
MX rule would require spammers to retool their infrastructure in a far
more substantial way than what would be required of legitimate ISPs.






_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
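
The MX rule and the domain-keyed blocklist with natural aging proposed in this message, sketched as an added example (not part of the original post and not FairUCE code). The DNS tables, addresses, dates, function names and result strings are constructed assumptions; a real check would query MX and A records live.

```python
import ipaddress
from datetime import date

# Constructed stand-in for DNS lookups (reserved example names and addresses).
MX = {"example.org": ["mx1.example.org", "mx2.example.org"],
      "throwaway.example": ["mail.throwaway.example"]}
A = {"mx1.example.org": ["192.0.2.10"],
     "mx2.example.org": ["192.0.2.11"],
     "mail.throwaway.example": ["198.51.100.5", "198.51.100.6"]}

# Domain-keyed blocklist: domain -> date the entry ages out
# (assumed here to be the domain's registration expiry).
BLOCKED = {"throwaway.example": date(2005, 9, 1)}


def sender_domain(mail_from):
    """Domain of the envelope sender, or None for a null/malformed sender."""
    addr = mail_from.strip().strip("<>")
    local, at, domain = addr.rpartition("@")
    if not (local and at and domain):
        return None
    return domain.lower().rstrip(".")


def mx_addresses(domain):
    """All addresses of the hosts named in the domain's MX records."""
    return {ipaddress.ip_address(ip)
            for host in MX.get(domain, [])
            for ip in A.get(host, [])}


def check(client_ip, mail_from, today):
    """Apply the blocklist first, then the MX rule, to one SMTP connection."""
    domain = sender_domain(mail_from)
    if domain is None:
        return "no-domain"          # the rule has nothing to test (e.g. "<>")
    expiry = BLOCKED.get(domain)
    if expiry is not None and today < expiry:
        return "reject-blocklist"   # one entry covers every host of the domain
    if ipaddress.ip_address(client_ip) not in mx_addresses(domain):
        return "reject-not-mx"      # emitter is not listed as an MX
    return "accept"


if __name__ == "__main__":
    for ip, sender in [("192.0.2.10", "<alice@example.org>"),
                       ("203.0.113.7", "<alice@example.org>"),
                       ("198.51.100.6", "<job1@throwaway.example>")]:
        print(ip, sender, check(ip, sender, date(2005, 3, 23)))
```
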

