
Re: [Asrg] How about we do something about spam?

2007-01-30 21:25:45
[problem of botnets as spam originators]

Isn't the solution to decline ALL mail from obvious pool addresses? I hear the argument that you can't put pool addresses in a DNSBL because next week the bot will have a different address. So put the whole pool in the DNSBL.

The solution to the problem is actually AMAZINGLY simple... I know that a lot of y'all have this fixation on IP-based solutions, but a FAR better solution (rather than attempting to block spam AFTER the botnets are recruited) is to block the virus/worm code-containing E-mail messages BEFORE they infect those computers.

And that is really rather easy... you simply block any HTML or attachments (and particularly EXECUTABLE attachments) that isn't coming from a sender that is known and trusted by the recipient TO SEND THEM EXECUTABLE CONTENT.

Note that MOST users (probably 98-99%) will not whitelist ANYBODY to send them executable content in E-mails...!

The other way that botnets are recruited are by people visiting infectious Web sites, but that is a problem for a different list.
...This will result in a security disaster when an MTA holding thousands of private keys becomes compromised. Clients transmitting or signing email MUST be identifiable and spam MUST be made illegal. Lack of SMTP client identification and spamming is _directly_ responsible for the spread of much of today's malware!

The fixation on "client identification" (like SPF does) isn't very effective for the simple reason that an infected machine can send spam using all of that machine's certifications and habitual outgoing mail server.

Likewise, a person may need to send legitimate mail from an inhabitual location (such as a cruise ship Internet cafe).

What IS (much more!) effective is to determine whether an outgoing (/arriving?) mail message LOOKS "LIKE" the mail that the legitimate user of the now-infected machine habitually sends to a given correspondent. Ideally, that "looks like" rule and criteria would be different for each correspondent recipient.

The criminal element has demonstrated individuals can not be easily tracked in today's Internet. Those in the business of transmitting messages should identify their clients and not abuse network resources by allowing bulk unsolicited promotions of any sort.

What is 'legal' and 'not legal' will depend on from which country the messages originate. "Identifying clients" doesn't accomplish much if a legitimate, honest user finds that their machine has been infected. What do you want to do, sue the previous, also-innocent victim?


Gordon Peterson
http://personal.terabites.com
1977-2007 Thirty year anniversary of local area networking

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
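The per-recipient gate described in the post, as an added example that is not code from the original message or the list: plain-text mail passes, while HTML bodies or attachments (executables flagged separately) pass only when the recipient has allowlisted that sender for such content. The allowlist, the extension set and the sample messages are all constructed here and are not from the page.

```python
from email import message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.utils import parseaddr

# Constructed policy: recipients and the senders each trusts to send them
# executable content. For most users this set would be empty.
ALLOW_EXEC = {"alice@example.com": {"buildbot@corp.example"}}
# Constructed set of extensions treated as executable content.
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".hta")


def risky_parts(msg) -> list[str]:
    """Label HTML bodies and attachments; executable attachments get 'exec:'."""
    found = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "text/html":
            found.append("html")
        elif name:
            found.append(("exec:" if name.endswith(EXEC_EXT) else "attach:") + name)
    return found


def policy_decision(raw: str) -> tuple[str, str]:
    """Accept plain mail; HTML/attachments only from a recipient-trusted sender."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    risky = risky_parts(msg)
    if not risky:
        return "accept", "plain text only"
    if sender in ALLOW_EXEC.get(rcpt, set()):
        return "accept", "sender trusted by recipient: " + ", ".join(risky)
    return "reject", f"untrusted sender {sender}: " + ", ".join(risky)


def build_sample(sender: str, rcpt: str, attach_name: str = "") -> str:
    """Constructed sample message, optionally carrying a binary attachment."""
    outer = MIMEMultipart()
    outer["From"], outer["To"], outer["Subject"] = sender, rcpt, "hello"
    outer.attach(MIMEText("see attached", "plain"))
    if attach_name:
        blob = MIMEApplication(b"MZ\x90\x00", Name=attach_name)
        blob.add_header("Content-Disposition", "attachment", filename=attach_name)
        outer.attach(blob)
    return outer.as_string()
```

Running `policy_decision(build_sample("stranger@example.net", "alice@example.com", "invoice.exe"))` rejects the message, while the same attachment from `buildbot@corp.example` is accepted because Alice listed that sender.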