RE: [Asrg] SMTP AUTH

["Hallam-Baker, Phillip" <pbaker at verisign.com>]

> -----Original Message-----
> From: asrg-bounces at ietf.org [mailto:asrg-bounces at ietf.org] On 
> Behalf Of gep2 at terabites.com
> The problem with such "reputation" approaches is that they 
> cut both ways.  Aunt 
> Gertrude (presumably) HAD a good reputation, BEFORE her 
> system got infected with 
> a virus (in fact, spammers and worm authors probably COUNT on 
> the fact that the 
> system they're infecting HAD a good reputation;  that's part 
> of what enables 
> them to wreak the havoc they do).

OK, there is more than one problem to solve. But we have to start somewhere.
How do viruses spread in the first place? Mostly through spam. So there is a
value in breaking the cycle. If you need a botnet to acquire a botnet then
the problem is limited to the existing botnets and new entrants are
excluded.


> The fact that it IS infected today (and sending copies of 
> itself like mad, and 
> she maybe doesn't even know yet) doesn't make her LEGITIMATE mail she 
> occasionally is still sending out less legitimate or important.

OK HOW is it sending the spams out? Only way that is going to work is to
relay through the ISP so that the spams can take account of the ISP
reputation. It is not difficult to implement rate limiting at the ISP level.


> Antivirus programs generally only trigger on KNOWN exploits 
> and KNOWN code;  so 
> ALL viruses and worms are at their most virulent and most 
> dangerous BEFORE 
> they're detected by ANY of the flock of A-V programs out 
> there (not even talking 

That is not our enerprise config, all executable content is blocked. There
is a small window of vulnerability due to bugs swuch as the JPEG bug but
these are easily fixed through SMS patch updates.

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg