
Re: spoofing email addresses

2004-05-28 08:21:55
From: John Stracke <jstracke(_at_)centive(_dot_)com>

(I've yet to see a proposal that works if the spammers start utilizing
zombie machines that snarf the already-stored credentials of the user
to send mail)....

The question is whether spammers can obtain new credentials (stolen or 
otherwise) faster than others can blacklist them.

And, if you had actually read the message you replied to, you would have 
realized that the answer is yes.  Send out a worm that makes N zombies, 
have each zombie send one message under the local user's credentials, 
and none of them will get blacklisted.

Here's a defense for that scenario:

  1. block port 25 to external IP addresses for all of your customers
    except those with what draft-klensin-ip-service-terms-01.txt calls
    Full Internet Connectivity.

  2. Do not sell Full Internet Connectivity to anyone running Microsoft
    software exposed to the Internet.  Possibly relax this with a $2000
    bond forfeited along with connectivity at the first propagation
    of a worm or other spam.

  3. The effects of #1 and #2 include forcing all mail from the usual
    suspects through your own mail systems so that you can do as the
    credit card companies do.  Track SMTP envelope Mail_To values or
    other characteristics for each customer.  When you see a change,
    contact the customer by voice to check.

In practice, you could probably get by with detecting changes in mail
volumes, since a spam spew of 1 message/zombie is at least 10 and
probably 1000 times too low to be practical for high volume spammers.
As far as I can tell, the typical user sends only about a dozen
messages/day.

Of course, the fatal problem with this spam defense is that it is not
based on other people doing the work and paying the costs.  It is not
a coincidence that as far as I can tell Yahoo continues to be the most
important U.S. host for Nigerian 419 spammers or that Windows XP
practically requires or at least strongly encourages individual users
to run their browsers and MUAs as "administrator."  It is not a
coincidence that sender validating systems, including those of Yahoo and
Microsoft, are based on the rest of the Internet doing most of the work.

The howls from the Special People who feel that they are entitled to
Full Internet Connectivity at prices and terms they find comfortable
(and about the per capita income in large parts of the world) are also
related to the fundamental cause of all spam.  There would be no spam
problem including worms if every ISP would look after its own problems
by terminating all spammers including customers who let their machines
be "owned" or if all users were willing to pull their own weight instead
of expecting something for nothing.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
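The per-customer tracking sketched in step 3 and the volume check in the paragraph after it can be turned into a small detector. The following is an added example, not code from the message above or from any ISP: it parses a constructed Postfix-style submission log in which the SASL username identifies the customer, builds a baseline of each customer's daily recipient count and the envelope senders (MAIL FROM) they have used, and flags a day whose volume is far above the baseline or that uses an envelope sender never seen for that customer. The log format, customer names, sample traffic and the `volume_factor`/`min_volume` thresholds are all assumptions made for the example.

```python
"""Per-customer outbound SMTP baseline with change detection (added example)."""
import re
import statistics
from collections import defaultdict
from dataclasses import dataclass

# Constructed Postfix-style submission log format (assumption for this example):
# sasl_username identifies the customer, from=<...> is the SMTP envelope sender
# (MAIL FROM), nrcpt the number of envelope recipients accepted.
LOG_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \S+ postfix/smtpd\[\d+\]: \w+: client=\S+, "
    r"sasl_username=(?P<user>\S+), from=<(?P<sender>[^>]*)>, nrcpt=(?P<nrcpt>\d+)$"
)


@dataclass(frozen=True)
class Submission:
    date: str
    user: str
    sender: str
    nrcpt: int


def parse_log(text: str) -> list:
    """Extract submissions; lines that do not match the format are ignored."""
    out = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            out.append(Submission(m["date"], m["user"], m["sender"].lower(), int(m["nrcpt"])))
    return out


def build_profiles(history: list) -> dict:
    """Baseline per customer: mean daily recipients and the envelope senders seen."""
    per_day = defaultdict(lambda: defaultdict(int))
    senders = defaultdict(set)
    for s in history:
        per_day[s.user][s.date] += s.nrcpt
        senders[s.user].add(s.sender)
    return {user: {"mean": statistics.fmean(days.values()), "senders": senders[user]}
            for user, days in per_day.items()}


def check_day(profiles: dict, today: list, volume_factor: float = 10.0,
              min_volume: int = 50) -> list:
    """Flag customers whose day deviates from their profile.

    Thresholds are assumed: a day is flagged only when it exceeds both an
    absolute floor and volume_factor times the customer's mean, so a
    dozen-a-day user sending one extra message (1 message/zombie) is not
    flagged; a new envelope sender is flagged regardless of volume.
    """
    alerts, volume, new_senders = [], defaultdict(int), defaultdict(set)
    for s in today:
        volume[s.user] += s.nrcpt
        prof = profiles.get(s.user)
        if prof and s.sender not in prof["senders"]:
            new_senders[s.user].add(s.sender)
    for user, vol in volume.items():
        prof = profiles.get(user)
        if prof is None:
            alerts.append((user, "no baseline", vol))
        elif vol >= min_volume and vol > volume_factor * prof["mean"]:
            alerts.append((user, "volume", vol))
    for user, sset in new_senders.items():
        for sender in sorted(sset):
            alerts.append((user, "new envelope sender", sender))
    return alerts


def _line(date, qid, user, sender, nrcpt=1):
    # Constructed log line in the shape LOG_RE expects.
    return (f"{date} mx1 postfix/smtpd[2112]: {qid:06X}: client=10.0.0.5, "
            f"sasl_username={user}, from=<{sender}>, nrcpt={nrcpt}")


def demo() -> list:
    """Seven quiet days, then a day on which cust42's machine starts spewing."""
    qid, hist, today = 0, [], []
    for day in range(21, 28):
        for _ in range(12):   # cust42: about a dozen messages a day
            qid += 1
            hist.append(_line(f"2004-05-{day}", qid, "cust42", "vjs@example.net"))
        for _ in range(3):    # cust17: a light user
            qid += 1
            hist.append(_line(f"2004-05-{day}", qid, "cust17", "jane@example.com"))
    for user, sender, n in (("cust42", "vjs@example.net", 12),
                            ("cust42", "promo@example.org", 300),  # zombie payload
                            ("cust17", "jane@example.com", 3),
                            ("cust99", "new@example.net", 2)):     # no history yet
        for _ in range(n):
            qid += 1
            today.append(_line("2004-05-28", qid, user, sender))
    profiles = build_profiles(parse_log("\n".join(hist)))
    return check_day(profiles, parse_log("\n".join(today)))


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Each alert is a candidate for the out-of-band voice check the message proposes rather than an automatic block; the "no baseline" case exists because a brand-new customer has nothing to compare against and should be treated separately from a known customer whose behaviour changed.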

