ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Spam Salt, an email sender authentication mechanism

2010-10-28 05:39:48
from [Ian Eiloart] [Permanent Link] 


--On 28 October 2010 01:29:37 -0400 Chris Lewis <clewis(_at_)nortel(_dot_)com> 
wrote:


On 10/27/2010 6:29 AM, Rich Kulawiec wrote:

It doesn't matter.  The entire issue of end-user authentication is
dead, dead, dead thanks to 100+ million zombies with keystroke loggers.
It doesn't matter how clever the tech is, how slick the UI is, how
minimal the effort is.


Oh, then, port 25 blocking and SMTP submit authentication is dead dead
dead too, predicated on the _same_ zombies and keyloggers?

Actually, it's not, at least on the sending side, because for various
reasons, botnet writers haven't (with only trivially small exceptions)
done it.
Here, we block outbound port 25. It means that all SMTP traffic on port 25 has to pass through our MTA. That doesn't stop the occasional abuse of compromised accounts, but it does mean that we can monitor traffic. For example, we rate limit users when they're off campus. And, we monitor volumes from on campus sources.
Of course, there's still the possibility of trickle feeding from compromised accounts, but that makes the accounts much less valuable than they otherwise would be. 


On the receiving side, yes, the volume is still gruesomely high (because
of sites that haven't/won't see the light), but (a) it'd probably be MUCH
higher without it and (b) you can often use knowledge about who don't
(and where their IP space is) to block it anyway (cue SORBSDUL, PBL, EL
etc) or (c) partially evolve to "default block" approaches.

Certainly, the equation would change if "everybody did it", but it could
provide considerable breathing space, and perhaps change the spammer ROI
sufficiently to get more of them out of the biz.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg




--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/


_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Please take a look at the blacklist BCP draft, Chris Lewis
Next by Date:  Re: [Asrg] Spam Salt, an email sender authentication mechanism, Douglas Otis
Previous by Thread:  Re: [Asrg] Spam Salt, an email sender authentication mechanism, Chris Lewis
Next by Thread:  Re: [Asrg] Spam Salt, an email sender authentication mechanism, Douglas Otis
Indexes:  [Date] [Thread] [Top] [All Lists]