Re: spoofing email addresses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> From: John Stracke <jstracke@xxxxxxxxxxx>

> >> (I've yet to see a proposal that works if the spammers start
> >> utilizing zombie machines that snarf the already-stored credentials 
> >> of the user
> >> to send mail)....
> >
> > The question is whether spammers can obtain new credentials (stolen or 
> > otherwise) faster than others can blacklist them.
>
> And, if you had actually read the message you replied to, you would have 
> realized that the answer is yes.  Send out a worm that makes N zombies, 
> have each zombie send one message under the local user's credentials, 
> and none of them will get blacklisted.

Here's a defense for that scenario:

  1. block port 25 to external IP addresses for all of your customers
    except those with what draft-klensin-ip-service-terms-01.txt calls
    Full Internet Connectivity.

  2. Do not sell Full Internet Connectivity to anyone running Microsoft
    software exposed to the Internet.  Possibly relax this with a $2000
    bond forfeited along with connectivity at the first propagation
    of a worm or other spam.

  3. The effects of #1 and #2 include forcing all mail from the usual
    suspects through your own mail systems so that you can do as the
    credit card companies do.  Track SMTP envelope Mail_To values or
    other characteristics for each customer.  When you see a change,
    contact the customer by voice to check.

In practice, you could probably get by with detecting changes in mail
volumes, since a spam spew of 1 message/zombie is at least 10 and
probably 1000 times too low to be practical for high volume spammers.
As far as I can tell, the typical user sends only about a dozen
messages/day.

Of course, the fatal problem with this spam defense is that it is not
based on other people doing the work and paying the costs.  It is not
a coincidence that as far as I can tell Yahoo continues to be the most
important U.S. host for Nigerian 419 spammers or that Windows XP
practically requires or at least strongly encourages individual users
to run their browsers and MUAs as "administrator."  It is not a
coincidence that sender validating systems including those Yahoo and
Microsoft are based on the rest of the Internet doing most of the work.

The howls from the Special People who feel that they are entitled  to
Full Internet Connectivity at prices and terms they find comfortable
(and about the per capita income in large parts of the world) are also
related to the fundamental cause of all spam.  There would be no spam
problem including worms if every ISP would look after its own problems
by terminating all spammers including customers who let their machines
be "owned" or if all users were willing to pull their own weight instead
of expecting something for nothing.


Vernon Schryver    vjs@xxxxxxxxxxxx

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]