On Sun, 30 May 2004 17:16:42 -0400
"Perry E. Metzger" <perry(_at_)piermont(_dot_)com> wrote:
Nathaniel Borenstein <nsb(_at_)guppylake(_dot_)com> writes:
This would be a very interesting philosophical argument if in
fact what we were discussing was something that could take a
significant bite out of spam. In the absence of such an
ability, however, the real question is whether user accounts
should be crippled in the name of spam fighting when the
crippling *isn't* going to help significantly with the spam
problem.
But it will. Almost all of my spam comes via incompetent end
users who've had their machines taken over by the bad guys.
Blocking dynamic IP ranges also nukes a very large fraction of
my spam.
I really, really hesitate to suggest the following, I really hope
I'm not going to make the future happen by predicting it.
I'm just waiting for the next Outlook based (or alternatively, a
socially engineered executable based) worm that uses legitimate
email addresses and "legitimate" (in the sense of
"legitimate because TCP port 25 is not blocked") MTAs to send out
spam. Blocking TCP port 25 on dialup accounts (or any other
Internet service) will have no effect in mitigating these types
of attacks. Blocking TCP port 25 for ALL Internet access would be
the only way a traffic blocking technique would have any effect
in mitigating a spam delivery method like this.
I think the easy solution is just to block port 25 unless
someone asks for it to be opened. Average users have no idea
what port 25 does or even what TCP is, so they won't care.
This isn't a bad idea, what it really does is adds a level of
manual, non-Internet, once-off authentication to the TCP port 25
service. The only question then is how well the authentication
procedures are followed. See Kevin Mitnick's book about those
problems.
Regards,
Mark.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf