Re: [Asrg] [IP] 4 Rivals Almost United on Ways to Fight Spam



On Mon, Jun 28, 2004 at 09:11:58PM +0200, Peter J. Holzer wrote:
> * A domain-based scheme protects the domain. By publishing an SPF record
>   for hjp.at I protect my domain from being abused by spammers and
>   worms - that will save me from lots of bounces. (IF spf is actually
>   used to reject messages at the SMTP level)

Out of 6,900,000 DE domains, how many owners of those domains will
be able to produce correct SPF records? How many of them will be
able to put them into their domain?
We manage about 25000 domains for our customers. I'd guess roughly
5% of them will be able to provide enough and correct information
for *us* to add the records for them.
They use on demand dialin accounts where they get the mailserver to use
per PPPoptions. They use 10 different providers a week to dialin. Do you
expect they know which IP addresses to add to their SPF records?

We have a contact sheet that is in the error message for blocked
messages *only* to the space.net domain. About 50% of the contacts
don't know what an IP address is and either use "www.example.org"
or "hu? what is an IP address?".

So, how fast do you wish to deploy an SPF-like mechanism and who will
benefit from it? And it is so easy for spammers to use the 90% of
domains without SPF records and abuse them. From recent statistics I
have made from our mailserver only a total of 15% of the spam mails
is from the "big players" ... all else are tiny domains or throwaway
domains. And: SPF-like schemes only help with accreditation systems,
as it does not prevent spammers from buying 5000 domains like
  excitinginternetnews.com
  excitingproductline.com
  excitingproductpromotion.com
  excitingpromotion.com
  exclusiveassistance.com
  exclusivenetnews.com
  enormousdistributor.com
  enormousmagic.com
  enormousproductservices.com
  famousproductservices.com
  fascinatingassistance.com
  fascinatingpromotions.com
  [ ... ]
adding short-TTL SPF records and blasting them through 0wned hosts.
Oh, I forgot, then you have authenticity and can make the owner of the
domain liable, like in
    Administrative Contact:
	Huang GuiFang
	#101 Unit 1 NO.12 Century Garden,
	Long cheng Str.
	Shun Cheng  district
	Fu shun Liaoning 113006
	China
	tel: 86 413 7480040
	fax: 86 413 7480040
	huangjack1 at 126.com
or how about
   Administrative Contact
        Leduc Jean
        Mr Jean Leduc
        Azareih Bldg
        Beirut (LB)
        8402 2045
        9611303822
        9611303823
        N-152831khbf at usersa5.namescout.com

> Mostly I think, MTA-Mark will be beneficial to business customers of
> cable- and dsl providers. They are often in the same address block as
> private customers, so they are increasingly blocked by DULs. If MTA mark
> was widely deployed, DULs would become obsolete and MTA mark can be much
> more fine-grained.

MTAMARK will be most useful to protect non-dialup IP space. Dialup IP
space probably should have port 25 outgoing blocked.

	\Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"
