On Jan 17, 2006, at 8:53 AM, John Levine wrote:
The problem at this point are viral-infected zombie bot armies.
Yes, and when that gets solved, there will be a new problem.
Remember when the problem was open relays? That's solved, spam is
still here.
The move to open relays and zombies tells us that fixed source spam
is dead. Other evidence of that is that there are few enough fixed
source spammers that the tiny volunteer Spamhaus group manages to
keep them under control. The bad thing about the end of fixed
source spam is that seven or eight years ago mail system managers
were reluctant to block IP addresses for sending spam, but now they
do it at the drop of a hat which means that they make a lot of
mistakes along the way.
It's certainly interesting to ask whether we will ever be able to
lock down the mail system sufficently to make it hard for bad guys
to send spam through unwilling third parties. Considering how much
of the net runs on MS-ware and how unable Microsoft is to make any
progress toward writing secure software, on I'm not holding my
breath. And even if they did, they're hardly the only source of
design errors or implementation bugs.
See http://www.slate.com/id/2133993/
Indeed Windows behaves like natural rubber where a pin-hole quickly
opens into a massive hole. Improving upon the decontamination rate
at least directly addresses the situation and should also stem the
infection rate. Providers could assist by establishing conventions
for including a signed opaque identifier that resolves to an account
(perhaps as an extension to DKIM). Rather than blocking providers
when the situation becomes pronounced, services are available to
direct accounts into obtaining a scrub, where much of this can be
automated. Many AV companies already offer this as a free service.
On a different note, the products and performance demonstrated at
Macworld were impressive. The new notebook seemed a bit warm, but
was running 5x faster. It appears that an OS build upon Unix
benefits from decades of cross-platform compatibility. Oddly, the
one major product still needing an emulator to run was Office. Maybe
there is a little light at the end of the tunnel.
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg