> From: John Stracke <jstracke@xxxxxxxxxxx>

> >> (I've yet to see a proposal that works if the spammers start
> >> utilizing zombie machines that snarf the already-stored credentials
> >> of the user
> >> to send mail)....
> >
> > The question is whether spammers can obtain new credentials (stolen or
> > otherwise) faster than others can blacklist them.
>
> And, if you had actually read the message you replied to, you would have
> realized that the answer is yes. Send out a worm that makes N zombies,
> have each zombie send one message under the local user's credentials,
> and none of them will get blacklisted.

Here's a defense for that scenario:

1. Block port 25 to external IP addresses for all of your customers
   except those with what draft-klensin-ip-service-terms-01.txt calls
   Full Internet Connectivity.

2. Do not sell Full Internet Connectivity to anyone running Microsoft
   software exposed to the Internet. Possibly relax this with a $2000
   bond forfeited along with connectivity at the first propagation of
   a worm or other spam.

3. The effects of #1 and #2 include forcing all mail from the usual
   suspects through your own mail systems so that you can do as the
   credit card companies do. Track SMTP envelope Mail_To values or
   other characteristics for each customer. When you see a change,
   contact the customer by voice to check.

   In practice, you could probably get by with detecting changes in
   mail volumes, since a spam spew of 1 message/zombie is at least 10
   and probably 1000 times too low to be practical for high volume
   spammers. As far as I can tell, the typical user sends only about
   a dozen messages/day.

Of course, the fatal problem with this spam defense is that it is not
based on other people doing the work and paying the costs. It is not
a coincidence that as far as I can tell Yahoo continues to be the most
important U.S. host for Nigerian 419 spammers or that Windows XP
practically requires or at least strongly encourages individual users to
run their browsers and MUAs as "administrator." It is not a coincidence
that sender validating systems including those of Yahoo and Microsoft are
based on the rest of the Internet doing most of the work. The howls
from the Special People who feel that they are entitled to Full Internet
Connectivity at prices and terms they find comfortable (and about the
per capita income in large parts of the world) are also related to the
fundamental cause of all spam.

There would be no spam problem including worms if every ISP would look
after its own problems by terminating all spammers including customers
who let their machines be "owned" or if all users were willing to pull
their own weight instead of expecting something for nothing.

Vernon Schryver vjs@xxxxxxxxxxxx
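
The per-customer tracking described in point 3 of the message above, as an added example that is not part of the original message. The function names, the log tuple layout and the thresholds are assumptions chosen for illustration, and the sample records are constructed.

```python
from collections import defaultdict
from statistics import median

DEFAULT_DAILY = 12  # assumption: the "about a dozen messages/day" estimate above

def flag_customers(records, today, factor=10, floor=20, new_ratio=0.8):
    """records: (customer, day, rcpt_to) tuples from the ISP's own relay logs.
    Returns {customer: [reasons]} for customers whose mail changed on `today`."""
    by_cust = defaultdict(lambda: defaultdict(list))
    for cust, day, rcpt in records:
        by_cust[cust][day].append(rcpt.lower())
    flagged = {}
    for cust, days in by_cust.items():
        sent = days.get(today, [])
        past = [rcpts for d, rcpts in days.items() if d < today]
        # Baseline is the median over days with mail; new customers get the default.
        baseline = median(len(r) for r in past) if past else DEFAULT_DAILY
        known = {r for rcpts in past for r in rcpts}
        distinct = set(sent)
        reasons = []
        # Volume change: well above the customer's own norm and above a noise floor.
        if len(sent) >= floor and len(sent) > factor * baseline:
            reasons.append("volume")
        # Envelope change: most of today's recipients were never mailed before.
        if len(distinct) >= floor and len(distinct - known) >= new_ratio * len(distinct):
            reasons.append("new-recipients")
        if reasons:
            flagged[cust] = reasons  # per the message: confirm with the customer by voice
    return flagged

def sample_records():
    """Constructed log data: alice is steady; bob's machine starts spewing on day 8."""
    recs = []
    for day in range(1, 9):
        for i in range(10):
            recs.append(("alice", day, f"friend{i % 5}@example.org"))
            if day < 8:
                recs.append(("bob", day, f"colleague{i % 4}@example.net"))
    recs += [("bob", 8, f"user{i}@host{i % 50}.example") for i in range(400)]
    return recs

if __name__ == "__main__":
    print(flag_customers(sample_records(), today=8))
```

The noise floor keeps a light user who doubles from 3 to 6 messages from being flagged, and the default baseline lets a customer with no history still trip the volume check.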