On Sun, 30 May 2004 17:16:42 -0400 "Perry E. Metzger" <perry@xxxxxxxxxxxx> wrote: > > Nathaniel Borenstein <nsb@xxxxxxxxxxxxx> writes: > > This would be a very interesting philosophical argument if in > > fact what we were discussing was something that could take a > > significant bite out of spam. In the absence of such an > > ability, however, the real question is whether user accounts > > should be crippled in the name of spam fighting when the > > crippling *isn't* going to help significantly with the spam > > problem. > > But it will. Almost all of my spam comes via incompetent end > users who've had their machines taken over by the bad guys. > Blocking dynamic IP ranges also nukes a very large fraction of > my spam. > I really, really hesitate to suggest the following, I really hope I'm not going to make the future happen by predicting it. I'm just waiting for the next Outlook based (or alternatively, a socially engineered executable based) worm that uses legitimate email addresses and "legitimate" (in the sense of "legitimate because TCP port 25 is not blocked") MTAs to send out spam. Blocking TCP port 25 on dialup accounts (or any other Internet service) will have no effect in mitigating these types of attacks. Blocking TCP port 25 for ALL Internet access would be the only way a traffic blocking technique would have any effect in mitigating a spam delivery method like this. > I think the easy solution is just to block port 25 unless > someone asks for it to be opened. Average users have no idea > what port 25 does or even what TCP is, so they won't care. > This isn't a bad idea, what it really does is adds a level of manual, non-Internet, once-off authentication to the TCP port 25 service. The only question then is how well the authentication procedures are followed. See Kevin Mitnick's book about those problems. Regards, Mark. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf