On Feb 21, 2007, at 4:31 AM, Brian E Carpenter wrote:
> On 2007-02-18 13:46, Tony Finch wrote:
>> On Sun, 18 Feb 2007, Harald Tveit Alvestrand wrote:
>>> If this was effective, blacklists would have solved the spam
>>> problem.
>> They are 90% effective
> You what? Which Internet would that be?
> Blacklists at the level of sending domains (or reputation systems
> that function like blacklists) are a failure. Maybe you are
> fortunate and dotat.at is not blacklisted. You won't feel so
> fortunate when it does get blacklisted one day, if you happen to
> find out why your mails are being dropped.

The preferred solution would be to abolish email black-hole lists,
and rely upon effective AUP enforcement of network providers that
prohibit bulk unsolicited messaging. Unfortunately some countries,
such as the United States for example, permit bulk unsolicited
messages following a few guidelines that are rarely enforced. In
addition, the US law also prevents victims of bulk unsolicited
messages from seeking relief in court, as only providers and the US
government have standing.

The level of bulk unsolicited messages exceeds 90% of the
volume in many cases, where a majority commonly see figures in excess
of 80%. Without use of email black-hole lists, many systems become
saturated with unwanted messages. This is particularly true where
network bandwidth is the limiting factor. Both Sender-ID and DKIM
require entire messages to be received before acceptance criteria can
be applied. Methods to identify and filter messages based upon
originating email-addresses will not offer any relief, where a high
turnover of millions of domains every day makes this effort far less
effective as well.

Nevertheless, bulk unsolicited messages are also effective at
infecting or enticing victims. These messages must be stopped. No
email black-hole list can be 100% effective, but can eliminate much
more than two-thirds of this unwanted traffic. This reduction often
rescues resources needed for message analysis aimed at improving
basic security protections.

Black-hole lists also have false positives. At times, false
positives encourage network providers into either establishing or
enforcing AUPs that prohibit bulk unsolicited messages. Only network
providers can adequately deal with this problem, as the messages must
be prevented before they are sent. This remains an ugly and ongoing
process, where outright banning of bulk unsolicited messaging is
really the only practical solution. Such prohibitions can be effective.

At any point in time, about 2% of the sources are creating a
problem. Of course, these 2% are those not yet black-hole listed as
well. The amount of abuse from black-hole listed sources quickly
becomes nil. Black-hole listing the address space of providers that
ignore bulk unsolicited messages coming from their networks can also
be effective at eventually changing their policies. No source should
be listed for 5xx without first contacting the network provider as
determined by the ASN. The network provider is the only suitable
actor able to resolve this problem. Black-hole lists are just an
ugly band-aid. However, time and time again, the network provider's
role is ignored in the various email strategies.

Something that could greatly assist the network provider would be a
scheme that identifies the entity actively transmitting the
messages. The transmitter's IP address can become black-hole listed,
should the entity running the transmitter not become aware of a
problem. Transmitter identifiers would also benefit network
providers in that their customers could be directly contacted
instead. Unfortunately, the transmitter remains obscured in all the
emerging standards.

-Doug