
Re: [ietf-smtp] [Shutup] Proposed Charter for something

2015-12-10 10:17:25
On 12/10/2015 10:29 AM, Arnt Gulbrandsen wrote:

There are two thresholds: The line above which enough information is
removed to effectively protect whatever is to be protected, and the line
above which best-in-class spam filters cannot effectively distinguish
between a blackhat trying to protect his identity and a whitehat doing
the same.

I wish it were as simple as just two, if only because "best-in-class" filters are not something that even the average or merely above average installation can afford/practically deploy.

There are many filtering things you can do at enterprise (and above) scale that are simply not doable at the merely "big". If nothing else, you simply may not get a big enough signal (of multiple campaigns) to chew upon. Even "magic" ML can't learn if there's not enough to learn.

There really are no technical differences whatsoever between a blackhat and a whitehat trying to protect their identity. The ONLY saving grace is that (in the spam space) the blackhat is forced to resort to methods that scale high enough for an adequate ROI, while the whitehat usually doesn't care that much.

Tor, for example, being a case in point. Tor would be ideal for spam. And it was for a bit. Slow, but worked. I don't know whether the fact that the Tor network became so slow as to be unusable, or that the screams from the "spammed" turned the day, but so few Tor exit nodes support outbound port 25 nowadays that it isn't a big problem.

But it can be an abuse problem in other ways. Tor exit operators don't like getting blacklisted, and they have a canned template to send to DNSBL operators with the usual heart-tugging verbiage as a plea to get permanently whitelisted. The only possible reply is "you simply don't want to be known as a safe harbour for abuse, because if you do the problem becomes orders of magnitude worse until everyone considers Tor itself too much of a risk and everybody loses. So consider this listing a method of preserving the future of Tor."

Fortunately for Tor, it's relatively slow. If it weren't, it would be doomed.
