ietf-mxcomp

Re: SPF abused by spammers

2004-09-09 11:51:40

On Thu, Sep 09, 2004 at 06:15:40PM +0200, Patrik Fältström wrote:
> More education needed, else any mechanism which tries to stop fake sender 
> addresses will fall in the same trap -- and be useless. We need ability 
> to track spammers (i.e. more correct data about the sender), someone 
> tracking and a legal system which penalizes the originator to show that 
> "spam is not ok". All three things. One piece in the puzzle is not 
> enough.

IMHO we need something different first.
If in real life you throw 100,000 letters on the street no postman will
collect and deliver them to the recipients. You have to carry them
somewhere like a post office to get them distributed and delivered.
A postman will only accept letters and put them in his bag if they are
from an "official" post office.
The disadvantage of the SMTProtocol is that there is no way for an MTA
(as opposed to MSA and MDA) to tell whether the party putting letters in his
mailbag is an "official" post office or just some random user.

So what we really need is a method for an MTA to tell the difference.
DE has 6.9 million registered domains and according to a survey of
Peter Koch (it is in the archives of this list) there are about 150,000
unique IP addresses of MX hosts for those domains. With each TLD added
the percentage will decrease, as a lot of MX hosts act for domain pools
like
     example.{com,net,org,ccTLD,...}
In DE the ratio domains to MXhosts is 2.1% and with all existing domains
on the Internet it may drop to 1.5%.
I think it is not an assumption with a large error ratio (at least it
is in the same order of magnitude) to assume that the number of sending
IP addresses ~ number of IP addresses of MX hosts.
IMHO that is a data set that is more workable with, even more as the
control is with people that tend to know what they are doing
(i.e. managing an MTA).

So IMHO Mta Authorization Records In Dns (MARID) should have dealt foremost
with the fact to provide the information in DNS if an IP is a mailserver
at all. That way we would have received the number of "mailservers" (or
lookalikes) from 4,000,000,000 to about 600,000?

Yeah I know all the gossip about "marking in rev DNS is bad as rev DNS
is poorly maintained". Now, how many "legitimate" mailservers have
broken revDNS records? And this is all that is important, if the revDNS
for "legitimate" mailservers is also "poorly maintained".

But industry and the big money are all for anti spoofing of domain
names to protect their customers. But as long as the software industry,
on which these solutions depend, produces software like that described in
    http://weblog.infoworld.com/udell/2004/03/23.html
this authorization thingy will reduce the success of spoofers and
phishers by exactly 0 percent.

Sure - as someone has written in this thread - spammers (ab)using SPF help
to block their IP addresses, but with spammers running botnets of 100,000s
of infected hosts I don't think they really care about that fact at all.
Rather they sit there having a good time and laughing about all those
heated discussions about patents and methods of authorization they do
not at all care about. At least not for another 5-10 years.

The spam problem is more than 10 years old (Canter and Siegel was 1994)
and now look how far we have already come in the last 10 years.
Currently my maillog shows that the spam problem is worse than ever.

        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

