Re: increase in spam and what to do about it
- From: davidc@xxxxxxxxxxxx
- Date: 22 Nov 2006 07:35:25 -0800
Bill Gunshannon wrote:
> In article <1164168707.352713.194240@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
> davidc@xxxxxxxxxxxx writes:
>> What I would like to do is have a DNS server that does an RBL check for
>> every host requesting an MX lookup. If it's on the RBL, return a
>> 127.0.0.1 as the preferred MTA! Save me a lot of traffic.
>
> The problem with that is that machines can become infected much
> faster than the RBLs can learn of them.

I know, but it would still save me a lot of traffic.

> This is not a technical
> problem it is a social problem. There are no technical solutions
> to social problems. It takes a social solution.

There are technical solutions that can help quite a bit.
Unfortunately, that would require a technical solution from Microsoft
that would harden their Windows platform, as the vast majority of
zombies are Billy-boxes. ISPs could be more proactive in
identification and isolation of zombies, but they don't have the guts
to do it (even if they just blocked port 25, that would solve a lot).

The big social problem is that just enough people BUY from these scams
to make them profitable enough (even if only in the gambling sense - I
almost won all my money back, so just one more spam run and I should
finally hit the big one!).

> That solution
> is for email to only be exchanged between consenting sysadmins.
> And when someone violates the consent agreement, you cut them off.

The problem is creating the "trust relationships" in the first place,
when you have a userbase which is orders of magnitude larger than the
original UUCP network. And unless you smart-hosted, generating paths to
nodes was rather painstaking - but someone had to do it so you could
figure out the "trusted" path.

When the predominant problem was with "trusted hosts", i.e. most mail
running through an ISP's mail servers, the spam wasn't as bad and even
RBLs more effective. Even early in the battle with Walt Rines and
Sanford Wallace, there was substantial blackholing of the entire AGIS
backbone (a very strong social statement) against spam and their
support to two of the worst known offenders.

The problem is today, you can't take that kind of risk with 99.9% of
your customers getting their e-mail dropped because that 0.1% caused
you to lose your trust relationships and got you blacklisted. That
doesn't mean they can't identify and isolate that 0.1%, but the problem
is getting harder and more frequently occurring than ever before (i.e.
the new SpamThru trojan).

> Being as every schmuck on the INTERNET should not be sending Email
> from their desktop PC this system is not as complex as you might
> think.

Which is why ISPs should route all port 25 through their own mail
servers so they can help isolate the culprits rather than let them
loose. But because of potential social repercussions, they don't/can't
do that.

Social solutions can only be part of the solution. The technical
ability to zombie a box has got to be eliminated/reduced as well. That
is Gates' true legacy - a world full of insecure systems subjecting
everyone else to spam, DDoS attacks, fraud, identity theft, and more.
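
The RBL check proposed in the post above, sketched in Python as an added example that is not code from the thread: it builds the standard DNSBL query name (reversed octets for IPv4, and, going beyond the post, reversed nibbles for IPv6) and picks the address to hand out for the MX host. The zone `dnsbl.example`, the function names and the sample addresses are assumptions, and the code treats the source address of the DNS query as the sending host, although in practice that address is often the sender's recursive resolver.

```python
import ipaddress
import socket

DNSBL_ZONE = "dnsbl.example"          # placeholder zone, not a real blocklist
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
SINK_ADDRESS = "127.0.0.1"            # the answer the post proposes for listed hosts


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL lookup name for an IPv4 or IPv6 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))             # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))   # 32 nibbles, reversed
    return ".".join(labels) + "." + zone


def system_lookup(name):
    """Resolve A records with the system resolver; any failure means 'no answer'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []   # NXDOMAIN or resolver error: fail open, mail is not blocked


def is_listed(ip, lookup=system_lookup, zone=DNSBL_ZONE):
    """A host is listed when the DNSBL answers with an address in 127.0.0.0/8."""
    answers = lookup(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)


def mx_host_address(client_ip, real_address, lookup=system_lookup):
    """Address to return for the MX host's A record to this querying client."""
    return SINK_ADDRESS if is_listed(client_ip, lookup) else real_address


# Constructed sample data: one listed documentation-range address.
CONSTRUCTED_ZONE_DATA = {"10.2.0.192.dnsbl.example": ["127.0.0.2"]}


def constructed_lookup(name):
    """Offline stand-in for a DNSBL, backed by the constructed data above."""
    return CONSTRUCTED_ZONE_DATA.get(name, [])


if __name__ == "__main__":
    for client in ("192.0.2.10", "198.51.100.7"):
        print(client, "->", mx_host_address(client, "203.0.113.25", constructed_lookup))
```

Because lookup failures are treated as "not listed", a slow or unreachable blocklist degrades to normal delivery rather than sinking legitimate mail.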