ietf-asrg
[Top] [All Lists]

Re: [Asrg] Email service assumptions and making system-wide changes

2006-01-17 11:12:34

On Jan 17, 2006, at 8:53 AM, John Levine wrote:

The problem at this point are viral-infected zombie bot armies.

Yes, and when that gets solved, there will be a new problem. Remember when the problem was open relays? That's solved, spam is still here.

The move to open relays and zombies tells us that fixed source spam is dead. Other evidence of that is that there are few enough fixed source spammers that the tiny volunteer Spamhaus group manages to keep them under control. The bad thing about the end of fixed source spam is that seven or eight years ago mail system managers were reluctant to block IP addresses for sending spam, but now they do it at the drop of a hat which means that they make a lot of mistakes along the way.

It's certainly interesting to ask whether we will ever be able to lock down the mail system sufficently to make it hard for bad guys to send spam through unwilling third parties. Considering how much of the net runs on MS-ware and how unable Microsoft is to make any progress toward writing secure software, on I'm not holding my breath. And even if they did, they're hardly the only source of design errors or implementation bugs.

See http://www.slate.com/id/2133993/

Indeed Windows behaves like natural rubber where a pin-hole quickly opens into a massive hole. Improving upon the decontamination rate at least directly addresses the situation and should also stem the infection rate. Providers could assist by establishing conventions for including a signed opaque identifier that resolves to an account (perhaps as an extension to DKIM). Rather than blocking providers when the situation becomes pronounced, services are available to direct accounts into obtaining a scrub, where much of this can be automated. Many AV companies already offer this as a free service.

On a different note, the products and performance demonstrated at Macworld were impressive. The new notebook seemed a bit warm, but was running 5x faster. It appears that an OS build upon Unix benefits from decades of cross-platform compatibility. Oddly, the one major product still needing an emulator to run was Office. Maybe there is a little light at the end of the tunnel.

-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

<Prev in Thread] Current Thread [Next in Thread>