spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Can this really be true?

2005-09-25 09:55:58


Alex van den Bogaerdt wrote:
On Sun, Sep 25, 2005 at 03:10:40PM +0200, johnp wrote:


I get the feeling that there are people who are defending the ISP's notion of anyone on their network has an SMTP relay without further checking that the user on the network is actually the real user who is paying their monthly fee, or someone who has hacked their way in or has zombie-fied a machine on that network.


Do we really care?

It doesn't matter if it is the user itself or a zombie.  That machine is the 
spam
source/is relaying spam.  That machine should be taken out of the network/be 
isolated.

This is both valid from an SPF standpoint and from an anti-spam standpoint.

I am not defending ISPs that do not combat these kind of users.  However, there
is, IMHO, no need for an ISP to use password based authentication if they are
doing source address based authorization (PVC, ip address, whatever).

Am I missing something here? How can they verify *anything* about an attempted connection to their network except by username/password. After they have confirmed the authenticity of the login, they then allocate a dynamic IP to that user. After that they are into policing policies to control spam by volume, rate, whatever. A zombie on the network is possibly already logged in and the dynamic IP was given by the ISP. If the IP's are static, as in cable and some ADSL connections, they still have to identify mis-use by policing policies, not by checking IP's which they allocated anyway. Once a machine is zombie'fied, there is no way the ISP will know until the spam starts flowing.

I read somewhere recently that about half of all spam comes from zombies on (A)DSL/Cable connections. Sounds like the policing policies aren't working.


Slainte,
JohnP

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com