Re: [Asrg] filtering at connect time
See inline comments please
On Tue, 4 Mar 2003 18:33:37 -0800, Brad Templeton wrote:
>The draft I proposed allows open relays for those who wish to use
>them, though they can't run mailing lists from them. So I suggest
>it is not inherent that open mail relays must be closed.
I have consulted with the experts on Spam-L and my conclusion from
the vigorous response there is that they have to be closed, for
reasons noted below.
>
>Plus it's an interesting precedent. For example, if you run MS
>Windows as found on the CD, your machine can be invaded and used
>as a base for DDOS. Should you be sued over this?
Yes if your negligence produced injury; it is a tort and you
are subject to civil suit to recover damages. There have already
been suits like this, quite properly. If you (as the negligent
party) had a legal duty of care, e.g. a hospital administrator,
and your negligence resulted in death, you could conceivably
face criminal charges. If my mother died because some idiot
hospital sysadmin was running Win98 on DSL without a firewall, you
can be sure I'd be in the public prosecutor's office the day after
the funeral. (So would you, I expect.)
>Should Microsoft?
Their lawyers are too clever. Read the shrinkwrap license: you waive
all your legal rights.
>What about after patches become available?
Depends on the facts establishing the degree of negligence.
>
>It's messy.
Only the facts of particular cases. The law is clear.
>
>Anyway, the point is the open relay operators are not doing things
>deliberately.
Latest stats show over 200,000 open relays. Most exist through
negligence, stupidity, laziness and the like. (Basically, unwillingness
to RTFM.)
>They don't want to relay spam.
The drunk drivers don't want to kill people but they still do and
they still go to prison for it.
>They are spammers'
>victims.
I'm glad you're not a Judge!
>If possible, we should try to help them. Forcing them
>all to close is something to be done only if we have exhausted all
>ways to solve the problem.
Forcing them to close is the first thing to do. See
<http://www.camblab.com/nugget/spam_03.pdf>
>
>Plus there are "open" relay operators who state they have put in
>throttles which stop spammers (or anybody untrusted) from sending
>large volumes of mail through the relay.
I have queried Spam-L experts about this. One of the top technical
people on that list states:
"I have seen more than one "rate limited" open relay being hit badly
by spam - the spammer just throttles down his mailing speed through
the relay. Throttling a mailserver so badly that spam will definitely
not get through will also throttle a lot of legit mail going through
that relay."
> Yet the blacklist relay
>testers don't test a large volume, they test a single message, and
>blacklist the relay even though it is not practical for spammers
>to use it.
I have verified from Spam-L that many/most open-relay testers only
test whether a sending IP address is an open relay after getting a
spam in hand. However there are indeed open-relay testers that
test routinely without provocation, apparently as a self-defense
measure.
The question therefore becomes whether there is ANY reason to have
an open relay, even a rate-limited one. Is there any way to
preserve functionality for legitimate relay users while denying
access to strangers? Yes, one can password-protect access. There
are other ways too (e.g. whitelisting only certain accessing IP
addresses).
The question therefore becomes, given that there is need for relays
and that there is a simple method of access control, why are there
any relays, intended to serve legitimate users, which are still
open?
The answer from a famous Spam-L poster:
"Lack of competence"
If you believe this analysis is incorrect I will be pleased to replay
your reply over there, or you can show up yourself. Please don
flame-resistant suit first; there is a very low tolerance on Spam-L
for fuzzy and wishful thinking. The general attitude toward spammers
and enablers is "heads on pikes" :)
Jeffrey Race
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg