Re: [Asrg] About that e-postage draft [POSTAGE]
On Fri, Feb 13, 2009 at 09:21:21AM -0500, John Leslie wrote:
> Remember, presentation of a bad token is a much clearer indication
> of evil intent: a few dozen should suffice for blocklisting. It's
> quite practical to blocklist 100 million IPs, at which point the
> problem will start to disappear. Computers blocklisted this way will
> pretty much be forced into going through a relay MTA with which they
> have a contractual relationship -- which removes the problem from
> the "botted-MTA" territory.

Blacklisting those 100 million IPs -- which most sensible folks did
years ago, either by subdomain, regexp, IP, DNSBL or some mechanism --
has not forced them to go through relay MTAs. The only thing that will
force them to go through relay MTAs is router/firewall rulesets on the
networks within which they reside.

However, suppose -- against all experience -- that actually happens.
(And that'd be a good thing, so I'm not arguing against; it's just
that if it were going to happen, I think it would have happened within
a few months of the rise of the zombies.)

In that case, every relay MTA you see will present "a few dozen"
bogus tokens very shortly thereafter, because some/most/all of those
100 million IPs will now be sending through them. Do you plan to
blacklist all those relay MTAs?

If so, then you could just do that now and skip the exercise.

If not, then you're going to have to still do it the hard way.

---Rsk