ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Asrg] + 1 vote + 50 cents

2011-03-01 13:49:38
from [Pandelis Papanikolaou] [Permanent Link] 
1 + in favor of draft, from a major Greek ISP.

And now that my alibi is in place, I want to share some general remarks
and thoughts on the issue at hand.

On the long run our strategy may be self defeating.

Mail service became heavily impaired because of spam.  Useful mails were
lost in the pile of junk.

Mail service became even more impaired because of some antispam
strategies . In extreme cases many postmasters apply silent discards so
you don't even get a notification that your email was ditched.

Because of the spam frenzy, postmaster mentality has changed. From
"first do no harm" and "zero mail loss" were are mainly targeting high
filtering ratios, low false positives and acceptable collateral damage.

I was quite amazed when I heard from a "corporate" postmaster that he
prefers to filter out 10 legitimate emails than let 1 spam pass...

Block outgoing 25 , the answer to our troubles... Is it really ?

We have a lot of spammers that are using our mail infrastructure using
client credentials. They wont mind using 587 or 465. They even accept
and adapt to very low rate limits (ex. 2 per minute). Let the botnet do
the work...

And since email popularity is diminishing they are moving to messengers,
forums etc etc

Are we going to block those too or maybe even build a great firewall and
sensor everything ?

Is technology alone able to solve this issue?

Using conventional, legal and ethical means , we will never be able to
compete with the guys writing the viruses and running the botnets. The
only sustainable solution is to break the circle of profit.

Deep Throat: Follow the money. True then, also true now.

If "businesses" are able to continue making money by attracting
"clients" through abusive techniques, no matter what we do, profit will
prevail. Profit will always find a way...

Until we are able to do that, we shall, should, must continue to improve
our mitigation techniques having one priority above all else...
To protect and assure our users  ability to communicate.

Thanks for reading

P.




_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Asrg] + 1 vote + 50 cents, Pandelis Papanikolaou <=
Previous by Date:  Re: [Asrg] draft-irtf-asrg-bcp-blacklists-07 [re-send], Jose-Marcio Martins da Cruz
Next by Date:  Re: [Asrg] draft-irtf-asrg-bcp-blacklists-07 [re-send], Andrew Kirch
Previous by Thread:  [Asrg] Final statement, Claus v. Wolfhausen
Next by Thread:  [Asrg] Getting group consensus on draft-irtf-asrg-bcp-blacklists, John R. Levine
Indexes:  [Date] [Thread] [Top] [All Lists]