ietf-asrg

Re: [Asrg] Re: bounces, and anti-spam principles

2007-01-23 12:46:44
<gep2(_at_)terabites(_dot_)com> wrote:

Absolutely, and that's a good reason why blocking by
either IP address or domain name is such a bad solution.
A fine-grained whitelist which specifies ALLOWED behavior
on a per-sender basis, on the other hand, can easily allow
or block messages from a given sender ON A
MESSAGE-BY-MESSAGE basis, so that their legitimate
messages get delivered but the (zombie) messages being
sent by their same (infected) machine, using the same mail
servers and same permissions/certifications but which do
not look the way that sender's messages are expected to
look (by the recipient!) are efficiently and accurately
identified and blocked.

So "rehabilitation" isn't even an issue.

So the zombie becomes unable to emit spam, but there's no incentive to
fix it, so it's still available to the botmaster for use as a C&C
machine, web/DNS server, and DDoS participant.  I'd prefer that it get
uninfected.

Seth

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg