[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Asrg] Re: 6. Proposals - Pull System (revisited)

To: "Dag Kihlman" <dag.kihlman@htu.se>, <asrg@ietf.org>
Subject: RE: [Asrg] Re: 6. Proposals - Pull System (revisited)
From: "Chris" <asrg@rebel.com.au>
Date: Mon, 1 Dec 2003 10:40:37 +1030
Importance: Normal
In-reply-to: <000f01c3b734$c9e16480$0f5ad3d9@Klokburken2>
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-admin@ietf.org

> If I want to install a pull server I ought to subscribe to a static IP
> address and pay some fee for having the ports opened. (The market will
make
> this fee reasonable)

You would have to enact a law that states fees must be charged.
That would only be valid in the country where the law is enforced.

no ISP is going to start charging for a service he now provides essentially
free. not if he wants to stay in business.

and where does this fee get applied ?

the ISP. his provider?, backbone providers?

I could see this fee very quickly concentrating into a few hands, and then
we have a monopolisation occuring.

how would it be charged ?

per port?, per email?

> >  Pull systems do not change this behaviour.  See recent spammer
> >behaviour of hosting web sites on trojaned machines.  They could just
> >as easily host mail for a "pull" system on the trojaned machine.
>

Trojaned machines are a major setback to any anti spam e-mail system.
regardless of type because they run with the parent machines permissions.

I have personally been IP blacklisted because my mail system was on the same
shared machine as a vulnerable formmail script
(exactly the same effect as a trojan)

This problem is not confined to owners of windows desktop machines. ISP's
have it as well no matter what they run.

I don't see how any technical sender verification system can overcome this.
please feel free to enlighten me if one comes to mind.
(most I can think of would rely on forcing the ISP to play our way not
theirs)

A big legal stick may force ISP's to be more careful about allowing users
access to formmail etc. or smtp but thats not a technological solution, and
again only applicable where the law is enforced.

At least one benefit of a pull system is that the sender can't be dummied
even by a trojan. it may take over the the resources but incoming bounces
"message denied" etc.. will make it abundantly clear to the user that his
machine has been trojaned.

as it stands a trojan can take over a machine quietly send out e-mails,
return address them to no-one or some other joe and no one is the wiser. not
even the user unless his resource are exhausted by the trojan.

Regards
Chris

> -----Original Message-----
> From: asrg-admin@ietf.org [mailto:asrg-admin@ietf.org]On Behalf Of Dag
> Kihlman
> Sent: Sunday, November 30, 2003 9:56 PM
> To: asrg@ietf.org
> Subject: Re: [Asrg] Re: 6. Proposals - Pull System (revisited)
>
>
> "Alan DeKok" <aland@ox.org> wrote:
>
> >"Dag Kihlman" <dag.kihlman@htu.se> wrote:
> >> The failing of SMTP is that it allows the sender to cheat or lie. Any
> >> authentication in SMTP is just authentication in an academic sense. In
> >> reality spammers will hack even more than today and send using fully
> >> authenticated mail servers.
>
> >  Pull systems do not change this behaviour.  See recent spammer
> >behaviour of hosting web sites on trojaned machines.  They could just
> >as easily host mail for a "pull" system on the trojaned machine.
>
> >  The benefits of a pull system are different.  It allows recipients
> >to do things like wait 12 hours to pick up mail from unknown senders,
> >at which point the trojaned machine probably has a different IP, and
> >thus can't send the spam.
>
> Why on earth should computers with dynamic IP addresses be allowed to host
> mail in a pull system??? My suggestion was that all traffic to the pull
> server ports are forbidden to dynamic IP addresses. The ISP:s must enforce
> this rule or they will be cut off too.
>
> >at which point the trojaned machine probably has a different IP
> No, no, no!!! Do not trust on that! In theory I have a dynamic IP-address.
> In reality it has not changed for three months. Several of my friends
> experience the same thing. Your suggestion makes mine and tens of
> thousands
> similar cable modem machines honey pots for spammers. With my suggestion
> they are uninteresting. The fewer the honey pots are the more
> costly it will
> be to find them and the fewer the spammers will be.
>
> If I want to install a pull server I ought to subscribe to a static IP
> address and pay some fee for having the ports opened. (The market
> will make
> this fee reasonable)
>
> When I say spammers can not lie in a pull system I mean they must
> be honest
> about their IP-address. Any other honesty is unfortunately not possible on
> the Internet.
>
> /DK
>
>
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- RE: [Asrg] Re: 6. Proposals - Pull System (revisited)
  - From: Chris

References:
- Re: [Asrg] Re: 6. Proposals - Pull System (revisited)
  - From: Dag Kihlman

Prev by Date: Re: [Asrg] Re: 6. Proposals: LMTP proposals
Next by Date: Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerID Verification)
Previous by thread: Re: [Asrg] Re: 6. Proposals - Pull System (revisited)
Next by thread: RE: [Asrg] Re: 6. Proposals - Pull System (revisited)
Index(es):
- Date
- Thread