Re: [Asrg] [IP] do-not-email list canned
---- Original Message -----
From: "Larry Seltzer" <larry at larryseltzer.com>
To: "'George Ou'" <george_ou at netzero.com>; <gep2 at terabites.com>;
<dave at farber.net>
Cc: <carl at media.org>; <asrg at ietf.org>
Sent: Wednesday, June 16, 2004 4:15 PM
Subject: RE: [Asrg] [IP] do-not-email list canned
> >>I'm curious to know how a zombie machine will have a legitimate SPF, CallerID, or
> Domain Key. Are you suggesting each worm/virus infected zombie will somehow register
> its own legitimate domain and authoritative DNS server?
>
> I've thought this over and the only possibility is that worms will start to crack the
> cached SMTP AUTH credentials on the system and send through the ISP account. This is
> possible although not easy. Whatever ISPs are left that don't require SMTP AUTH will
> need to, but that's common sense.
Has anyone managed to put up a proof of concept worm that could do this? I
suppose none exist right now because there is no need for it since there is
no wide scale deployment of any form of SMTP authentication. But let's say
for the sake of argument that such a thing was possible and the zombie
machine would use the cached SMTP AUTH credentials to send spam via the
ISP's official SMTP server. What is the likelihood that the official SMTP
server would allow a user to send out 10,000 messages a minute or even 100
messages a minute? What is the likelihood that they would allow a user or a
hijacked machine to blast out to 100 recipients? I'm sure if this
became widely abused, the ISP could easily put in some strict quotas for
ordinary users. Bulk senders should register themselves with the ISP if
they wish to send legitimate bulk mail. Again, this would be vastly
superior to the status quo where you have a free-for-all where anybody gets to
play SMTP server for any domain they purport to be.
> Two points about this scenario: all the zombied mail will come from the actual address
> of the user with the infected system, so they and their ISP will find out about it very
> fast. Also, authentication will wipe out the existing endemic population of mass-mailer
> worms.
And 80% of the world's SPAM since that is where the bulk of the SPAM is
coming from right now.
George Ou