ietf-asrg

Re: [Asrg] How about we do something about spam?

2007-01-30 23:18:39
        From:     dan_oetting(_at_)qwest(_dot_)net
        Subject:        Re: [Asrg] How about we do something about spam?
        Date:   January 30, 2007 11:11:25 PM MST
        To:       gep2(_at_)terabites(_dot_)com


On Jan 30, 2007, at 9:07 PM, gep2(_at_)terabites(_dot_)com wrote:

[problem of botnets as spam originators]

> The solution to the problem is actually AMAZINGLY simple... I know that a lot of y'all have this fixation on IP-based solutions, but a FAR better solution (rather than attempting to block spam AFTER the botnets are recruited) is to block the virus/worm code-containing E-mail messages BEFORE they infect those computers.
>
> And that is really rather easy... you simply block any HTML or attachments (and particularly EXECUTABLE attachments) that isn't coming from a sender that is known and trusted by the recipient TO SEND THEM EXECUTABLE CONTENT.

At the risk of giving the criminals more ideas, what if there is a stealth virus that watches who you send executable attachments to and every once in a while attaches itself to one of those emails by infecting the application that you are already sending?


> Note that MOST users (probably 98-99%) will not whitelist ANYBODY to send them executable content in E-mails...!

From a quick survey, I would say that 90% of the participants on this list don't even consider it a possibility that a silly Windows virus in an email attachment could infect their machine. Most of the rest would be adequately protected. Some though may actively seek the viruses so they can disassemble them. But then, this isn't a typical user population.

A substantial portion of the net user population are actively exchanging executable files. I even get the occasional executable file from my dad forwarded through a long chain of friends. He complains sometimes about not being able to open them at home but forwards them to his office where they will run.


> The other way that botnets are recruited is by people visiting infectious Web sites, but that is a problem for a different list.

There are lots of other vectors for passing malicious code to machines willing to suck it in.

But I don't believe in blocking legitimate activity to stop a few criminals that also use that activity. If an ISP can block executable attachments in the "hope" of preventing a user's machine from getting infected then they can just as easily unplug that user's machine from the net IF it gets infected and starts abusing the net. If an ISP wants to be proactive they could supply anti-virus tools like a Linux installer for their customers.

-- Dan Oetting
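
The per-recipient policy discussed in this message (reject HTML and executable attachments unless the sender is whitelisted for that kind of content), sketched as an added example that is not code from either poster. The extension list, the `allow` mapping, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: extensions treated as executable; tune for the real environment.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")

def risky_kinds(msg):
    """Return the risky content kinds ('html', 'executable') found in msg."""
    kinds = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name.endswith(EXEC_EXT):      # also catches "photo.jpg.exe"
            kinds.add("executable")
        elif part.get_content_type() == "text/html":
            kinds.add("html")
    return kinds

def decide(raw, allow):
    """allow: sender address -> kinds this recipient accepts from that sender."""
    msg = message_from_string(raw, policy=policy.default)
    # The From header is taken at face value here; it is not authenticated.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    blocked = risky_kinds(msg) - allow.get(sender, set())
    return ("reject", sorted(blocked)) if blocked else ("accept", [])

def sample(sender, filename=None, html=False):
    """Build a constructed test message (not real traffic)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", "constructed"
    m.set_content("hello")
    if html:
        m.add_alternative("<p>hello</p>", subtype="html")
    if filename:
        m.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    allow = {"dad@example.net": {"executable"}}
    print(decide(sample("stranger@example.com", "game.exe"), allow))
    print(decide(sample("Dad <dad@example.net>", "game.exe"), allow))
```

The second call is accepted purely on the sender's whitelist entry, whatever the attachment contains, which is the case the reply above raises about mail from a trusted but infected sender.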


