spf-discuss

Re: Some thoughts about spam and SPF

2004-08-19 17:39:01
On Wed, 18 Aug 2004 22:13:22 -0400 (EDT), Nico Kadel-Garcia
<nkadel(_at_)merl(_dot_)com> wrote:
On Wed, 18 Aug 2004, Rodolfo Sikora wrote:

Well, I'm managing about 1.5 million email boxes right now, and I can
say SMTP AUTH does the job. If someone starts to spam, u can lock it
out.
And I have been blocking the whole Comcast, Ameritech, Verizon DSL
networks. 80% of my incoming spam is coming through these providers.
I guess that serious people use smtp auth.

No, it's that a lot of spammers/viruses/etc. use zombied machines
which are fairly prevalent in the Comcast/Ameritech/Verizon
world. They're concerned, correctly, that if they cut off ports and
restrict services, even if their contracts allow them to do so, that
aggravated clients and civil liberties advocates will make their lives
hell in court.

Thanks Microsoft for letting these worms spread out through IE
exploits... this really sucks, but it's reality already.


Also, allowing services for those business customers who contract to
run their own SMTP server, SQL server, FTP server, IRC server,
etc. over the Internet at large and writing the filter rules to allow
the corporate customers but not the home customers is a serious
manpower sink. It's often very easy to screw up the rules and leave
gaping holes or cut off people without warning, and the engineering
time and router CPU resources eat up your limited budget. ISPs are
still going out of business at a regular rate, even fairly large ones.


Man, it is so easy to install a smtp auth server and let people send
emails through them... and u don't have to block home or business,
it's just a matter of knowing who's sending that email. Today I
blocked two users, the ISP I work for called them and asked them to
stop or they will be banned. I think any reasonable judge will notice
who's wrong and who's not.

I'm going to use SPF not to block email, but to whitelist emails so my
anti spam solution won't touch these "ham" emails.
If my system detects a spam from a domain using SPF, this domain will
be blocked automatically.

Good stuff. Unfortunately, it's easy for a reputable and responsible
network to accidentally get a virus-laden or zombied machine, so I
hope you're leaving a reasonable amount of slack for such accidents.

These worms work like a TCP proxy so u can block DSL/CABLE users with
low risk. So if big providers held us out forcing smtp auth, we easily
would be able to avoid such kind of spam, and if u have a corporate
ADSL/CABLE, be sure to be on a private network, I mean, don't mix home
users IPs with corporate users IPs.


--

                               Nico Kadel-Garcia
                               Systems Engineer
                               Mitsubishi Electric Research Lab
                               <nkadel(_at_)merl(_dot_)com>
