Re: [Asrg] Re: 6. Proposals: MTA MARK
Yakov Shafranovich wrote:
----- Original Message -----
From: "Yakov Shafranovich" <research@solidmatrix.com>
To: "Tomi Panula-Ontto" <tomi@panula-ont.to>
Cc: <asrg@ietf.org>
Sent: Tuesday, December 09, 2003 10:03 PM
Subject: Re: [Asrg] Re: 6. Proposals: MTA MARK
> Tomi Panula-Ontto wrote:
> [..]
> > I don't know how spammers operate, but they really seem quite
> > professional at it, since whenever I have added new RBL
> > sources to my blacklisting MTA the amount of spam is reduced
> > only for a few days or perhaps weeks. Pretty soon, they are able
> > to reroute the whole damn thing and we are back on the same level
> > we started from.
> >
> > And they are doing the very same thing in message headers,
> > the message itself. They are trying to keep ahead of the spam
> > prevention and they're really doing a pretty good job there.
> > They get their living out of it.
> >
> > Do you really think they would not do it for LMAP? Or any
> > other means? Of course they will. As long as they can.
> > If there are easy, and relatively cheap ways to circumvent
> > a problem, then they'll do it.
> >
>
> If spam can be looked at as a disease then RBLs are treating the
> symptoms by listing IPs that are likely to abuse the network. LMAP, MTA
> MARK and related proposals are more geared towards treating the causes
> of the disease by addressing some of the architectural issues on the
> Internet that allow spam to proliferate. For example, spammers are free
> to forge the MAIL FROM address with any domain in place. LMAP addresses
> this forgery issue forcing spammers to use their own domains. MTA MARK
> addresses the issue of hijacked computers being used for sending spam.
True, but actually, MTAMark and ReverseMX don't address the issue of
hijacked computers completely. It merely changes the situation so that
the hijacked computer will not take direct connections to the receiving
MTAs, but instead spammers must try
a) to make the hijacked computers send messages via registered MTA for that network
b) hijack the dns server (to register that hijacked computer)
c) hijack the registered MTA
d) any ideas?
Anyway, it'll limit their possibilities and will target their efforts
on compromising the MTAs, workstations and DNS servers.
> All of these simply reduce the freedom that spammers currently have to
> do their deeds. With that freedom reduced spammers will be left with
> less methods to be used, all of which would allow greater traceability.
> Combined with proper law enforcement, cooperating ISPs, and registrars,
> this can help reduce the problem by tracing spam to the real world.
One interesting point.. since spammers are knowledgeable and follow
their time - they are probably reading this list, too. Either archived
version or the subscribed one. I wonder if any of the subscribers or IP
addresses in the list archive weblog can be tracked to spammers...
I don't mean to offend anyone, I just wonder what kind of security
additions they would suggest.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg