Re: spoofing email addresses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 30 May 2004 17:16:42 -0400
"Perry E. Metzger" <perry@xxxxxxxxxxxx> wrote:

> 
> Nathaniel Borenstein <nsb@xxxxxxxxxxxxx> writes:
> > This would be a very interesting philosophical argument if in
> > fact what we were discussing was something that could take a
> > significant bite out of spam.  In the absence of such an
> > ability, however, the real question is whether user accounts
> > should be crippled in the name of spam fighting when the
> > crippling *isn't* going to help significantly with the spam
> > problem.
> 
> But it will. Almost all of my spam comes via incompetent end
> users who've had their machines taken over by the bad guys.
> Blocking dynamic IP ranges also nukes a very large fraction of
> my spam.
> 

I really, really hesitate to suggest the following, I really hope
I'm not going to make the future happen by predicting it.

I'm just waiting for the next Outlook based (or alternatively, a
socially engineered executable based) worm that uses legitimate
email addresses and "legitimate" (in the sense of
"legitimate because TCP port 25 is not blocked") MTAs to send out
spam. Blocking TCP port 25 on dialup accounts (or any other
Internet service) will have no effect in mitigating these types
of attacks. Blocking TCP port 25 for ALL Internet access would be
the only way a traffic blocking technique would have any effect
in mitigating a spam delivery method like this.

> I think the easy solution is just to block port 25 unless
> someone asks for it to be opened. Average users have no idea
> what port 25 does or even what TCP is, so they won't care.
>

This isn't a bad idea, what it really does is adds a level of
manual, non-Internet, once-off authentication to the TCP port 25
service. The only question then is how well the authentication
procedures are followed. See Kevin Mitnick's book about those
problems.

Regards,
Mark.
 

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]