On Wed, Dec 10, 2003 at 02:51:11PM +0200, Tomi Panula-Ontto wrote:
True, but actually, MTAMark and ReverseMX don't address the issue of
hijacked computers completely. It merely changes the situation so that
the hijacked computer will not take direct connections to the receiving
MTAs, but instead spammers must try
a) to make the hijacked computers send messages via registered MTA for that network
b) hijack the DNS server (to register that hijacked computer)
c) hijack the registered MTA
d) any ideas?
Anyway, it'll limit their possibilities and will target their efforts
on compromising the MTAs, workstations and DNS servers.
The key is:
MUA running machines are maintained by end-users.
MTA/DNS running machines are maintained by network administrators.
The MTA/DNS machines are likely to be orders of magnitude more safe from
attacks, due to correct configuration, choice of OS, up-to-date patch
sets...
There are also things like rate limiting which can help with the ISP's
MTA. As for DNS threats, if the DNS system begins to get attacked, this
will provide an incentive towards securing it (via DNSSEC, or some other
way). Threats to DNS are not really within our scope, and are being
handled by one of the DNS WGs.