Re: Unplugging spamming PCs
Larry Pingree [25/06/04 12:47 -0700]: > > Authentication and Authorization are two separate and distinct > issues. TLS and Authentication have been around for quite a while, but > without centralized authorization it will never be deployed by disparate I'm sure the IETF MARID list would be delighted to hear it, if you have any --srs -- suresh ramasubramanian [EMAIL PROTECTED] gpg # EDEDEFB9 manager, security & antispam operations, outblaze limited
email server registry (was: RE: Unplugging spamming PCs)
On 2004-06-25T12:47-0700, Larry Pingree wrote: ) single customer that you want to have conversations with. Authorization ) must still be authorized by a third party agency which verifies ) validity between everyone involved in communications. You seem to be making a case for only accepting GPG-signed email, or at best only accepting SMTP connections over SSL with a certificate issued by a trusted CA. These both go to identity, though, not authorization. I do not see an obvious way for a third party to verify that two entities can validly communicate with each other--unless both entities are involved in making that decision, or both parties have agreed on some set of criteria beforehand. If you are simply after identity-tracking, there are ways to enforce that other than creating a new "email server registry." If you mean to suggest that you want someone else to decide who should be able to talk to you--using their own criteria--it does not sound like you are proposing something I would opt to be a part of. -- Daniel Reed <[EMAIL PROTECTED]> http://people.redhat.com/djr/ http://naim.n.ml.org/ There are people who do things and people who take the credit, and the trick is to be in the first group; there is a lot less competition. -- Dwight Morrow, American Diplomat
RE: Unplugging spamming PCs
Authentication and Authorization are two separate and distinct issues. TLS and Authentication have been around for quite a while, but without centralized authorization it will never be deployed by disparate corporations for inter-domain mail! This will not stop spam. Unless of course you want to manage user accounts or certificates with every single customer that you want to have conversations with. Authorization must still be authorized by a third party agency which verifies validity between everyone involved in communications. LP Best Regards, Larry Larry Pingree "Visionary people, are visionary, partly because of the great many things they never get to see." - Larry Pingree -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, June 25, 2004 12:14 PM To: Larry Pingree Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Unplugging spamming PCs On Fri, 25 Jun 2004 09:11:36 PDT, Larry Pingree said: > > What I am proposing is have a registry that you must register > with before other mail servers will accept mail from you. Similar to how > MAPS RBL works, but the mail server itself, enforces it, rather than a > firewall or a ancillary device ACL. This could be made a standard of > SMTP. Yet another "it won't do any good till everybody deploys it". http://www.rhyolite.com/anti-spam/you-might-be.html
Re: Unplugging spamming PCs
On Sat, 26 Jun 2004 00:15:37 +0800, Suresh Ramasubramanian said: > That's great. Let's all return to the good old days of X400 and UUCP I have to congratulate you... it's been a while since anybody's managed to bring back two entirely distinct sets of repressed nightmares in one line. :) pgpPcvC1R9J3d.pgp Description: PGP signature
Re: Unplugging spamming PCs
On Fri, 25 Jun 2004 09:11:36 PDT, Larry Pingree said: > > What I am proposing is have a registry that you must register > with before other mail servers will accept mail from you. Similar to how > MAPS RBL works, but the mail server itself, enforces it, rather than a > firewall or a ancillary device ACL. This could be made a standard of > SMTP. Yet another "it won't do any good till everybody deploys it". http://www.rhyolite.com/anti-spam/you-might-be.html pgpCbp2QR30lO.pgp Description: PGP signature
Re: Unplugging spamming PCs
Larry Pingree writes on 6/26/2004 12:11 AM: What I am proposing is have a registry that you must register with before other mail servers will accept mail from you. Similar to how MAPS RBL works, but the mail server itself, enforces it, rather than a firewall or a ancillary device ACL. This could be made a standard of SMTP. That's great. Let's all return to the good old days of X400 and UUCP -- suresh ramasubramanian [EMAIL PROTECTED] gpg EDEDEFB9 manager, security and antispam operations, outblaze ltd
RE: Unplugging spamming PCs
What I am proposing is have a registry that you must register with before other mail servers will accept mail from you. Similar to how MAPS RBL works, but the mail server itself, enforces it, rather than a firewall or a ancillary device ACL. This could be made a standard of SMTP. LP Best Regards, Larry Larry Pingree 408-543-2190 "Visionary people, are visionary, partly because of the great many things they never get to see." - Larry Pingree -Original Message- From: Joe Shen [mailto:[EMAIL PROTECTED] Sent: Thursday, June 24, 2004 6:36 PM To: Larry Pingree Cc: [EMAIL PROTECTED] Subject: RE: Unplugging spamming PCs Hi, >Mail servers should be registered just like domains and shutdown by a >registrar if they are misusing their registered services. This really >needs to be handled by a multi-lateral legal solution, industry will not >fix it alone. No, I don't think this is good solution First of all, we could not ask customers to register everything they planned with leased line without legal reasons. Second, if I hire DSL/leased_line service from ISP and set up domain name for myself, ISP could not ask me to tell them which port should be opened as I'm not taking a firewalling service, I'm not a member of my service provider. I should be able to do anything that are not perhibited by law or affact someothers. Blocking_port_25 indicates ISP pre-assume that customers will SPAM their network. But, SPAMmer is just a very small group of people. Maybe most of them comes from other countries ( what happens in China). To me, the proper way of anti-spam may ask cooperation between ISPs and Email service providers. Anyway, strengthening anti-spam ability in Email server is a must. regards Joe > >LP > >Best Regards, > >Larry Cool Things Happen When Mac Users Meet! Join the community in Boston this July: www.macworldexpo.com
RE: Unplugging spamming PCs
Hi, >Mail servers should be registered just like domains and shutdown by a >registrar if they are misusing their registered services. This really >needs to be handled by a multi-lateral legal solution, industry will not >fix it alone. No, I don't think this is good solution First of all, we could not ask customers to register everything they planned with leased line without legal reasons. Second, if I hire DSL/leased_line service from ISP and set up domain name for myself, ISP could not ask me to tell them which port should be opened as I'm not taking a firewalling service, I'm not a member of my service provider. I should be able to do anything that are not perhibited by law or affact someothers. Blocking_port_25 indicates ISP pre-assume that customers will SPAM their network. But, SPAMmer is just a very small group of people. Maybe most of them comes from other countries ( what happens in China). To me, the proper way of anti-spam may ask cooperation between ISPs and Email service providers. Anyway, strengthening anti-spam ability in Email server is a must. regards Joe > >LP > >Best Regards, > >Larry Cool Things Happen When Mac Users Meet! Join the community in Boston this July: www.macworldexpo.com
RE: Unplugging spamming PCs
--On Thursday, June 24, 2004 12:08 PM -0700 Larry Pingree <[EMAIL PROTECTED]> wrote: Hi John, I'm not taking it to extremes. I'm talking about the middle of the road, and certainly spam is the on the top of the scales on everyone's statistics. I'm certainly not condoning or suggesting that the government control everything, and I'm not for absolutely no government involvement either. A balanced approach is most appropriate just as with anything there also can be regional registries similar to how ARIN is setup that allow inter-continental and inter-country registration. Unless someone can come up with a better idea, I see no other choice. FYI, we do already license IP's, through ARIN, APNIC, etc so that's already been done :) No. As much as I hate spam... it's not on the top of the list of things to fix. If the ARIN, APNIC, RIPE, LANIC, etc registries are so upto date and accurate, why would you need to license anything at layer 4 or above? You've already got the contact details for people responsible for routing packets to those devices. LP Best Regards, Larry Larry Pingree "Visionary people, are visionary, partly because of the great many things they never get to see." - Larry Pingree -Original Message- From: John Payne [mailto:[EMAIL PROTECTED] Sent: Thursday, June 24, 2004 11:40 AM To: Larry Pingree Cc: [EMAIL PROTECTED] Subject: RE: Unplugging spamming PCs --On Thursday, June 24, 2004 11:17 AM -0700 Larry Pingree <[EMAIL PROTECTED]> wrote: Hi Joe, If only those who are approved email senders are allowed to be accepted, this allows police, FBI, or DHS to go after only those who are registered and abusing it. It's for the same purpose that we administer car registrations, so that at the end of the day, someone is responsible for the car. In this case, someone can be responsible for the domain and mail server. In its current state, we are left way in the open. I don't disagree that government control is un-desirable, but remember, at least in my mind, even though it may be undesirable, it may be a necessary action. Anyone know why we have to get a drivers license? How about a passport? What about a SSN? All of these things are ways in which we can have accountability. Without accountability we will remain in anarchy. All that government does is bridge a gap when corporations, which only do things for profit, will not collaborate on an appropriate solution to a problem, even though one exists. But why stop at email servers? spam is only one of the unsociable and illegal acts happening on the Internet. Why not license ownership of every IP capable device? That'll stop all forms of DoS (DDoS and otherwise too). Just to make sure, let's require that all vendors both inspect the license from their customers *and* notify the government on every purchase or upgrade. Hmm. Which government though? Better to be safe... you can't be sure which country the device is being installed in, or which country the packets flowing through the device will also visit. So let's require licenses from every country... and vendors to notify every government on every purchase or upgrade. Yep, that'll do the trick.
RE: Unplugging spamming PCs
Hi John, I'm not taking it to extremes. I'm talking about the middle of the road, and certainly spam is the on the top of the scales on everyone's statistics. I'm certainly not condoning or suggesting that the government control everything, and I'm not for absolutely no government involvement either. A balanced approach is most appropriate just as with anything there also can be regional registries similar to how ARIN is setup that allow inter-continental and inter-country registration. Unless someone can come up with a better idea, I see no other choice. FYI, we do already license IP's, through ARIN, APNIC, etc so that's already been done :) LP Best Regards, Larry Larry Pingree "Visionary people, are visionary, partly because of the great many things they never get to see." - Larry Pingree -Original Message- From: John Payne [mailto:[EMAIL PROTECTED] Sent: Thursday, June 24, 2004 11:40 AM To: Larry Pingree Cc: [EMAIL PROTECTED] Subject: RE: Unplugging spamming PCs --On Thursday, June 24, 2004 11:17 AM -0700 Larry Pingree <[EMAIL PROTECTED]> wrote: > > Hi Joe, > > If only those who are approved email senders are allowed to be > accepted, this allows police, FBI, or DHS to go after only those who are > registered and abusing it. It's for the same purpose that we administer > car registrations, so that at the end of the day, someone is responsible > for the car. In this case, someone can be responsible for the domain and > mail server. In its current state, we are left way in the open. I don't > disagree that government control is un-desirable, but remember, at least > in my mind, even though it may be undesirable, it may be a necessary > action. Anyone know why we have to get a drivers license? How about a > passport? What about a SSN? All of these things are ways in which we > can have accountability. Without accountability we will remain in > anarchy. All that government does is bridge a gap when corporations, > which only do things for profit, will not collaborate on an appropriate > solution to a problem, even though one exists. But why stop at email servers? spam is only one of the unsociable and illegal acts happening on the Internet. Why not license ownership of every IP capable device? That'll stop all forms of DoS (DDoS and otherwise too). Just to make sure, let's require that all vendors both inspect the license from their customers *and* notify the government on every purchase or upgrade. Hmm. Which government though? Better to be safe... you can't be sure which country the device is being installed in, or which country the packets flowing through the device will also visit. So let's require licenses from every country... and vendors to notify every government on every purchase or upgrade. Yep, that'll do the trick.
Re: Unplugging spamming PCs
And all the spammers move to China where the FBI, DHS and police have no authority. Oh wait - you say they already have? ** Reply to message from "Larry Pingree" <[EMAIL PROTECTED]> on Thu, 24 Jun 2004 11:17:37 -0700 > Hi Joe, > > If only those who are approved email senders are allowed to be > accepted, this allows police, FBI, or DHS to go after only those who are > registered and abusing it. It's for the same purpose that we administer > car registrations, so that at the end of the day, someone is responsible > for the car. In this case, someone can be responsible for the domain and > mail server. In its current state, we are left way in the open. I don't > disagree that government control is un-desirable, but remember, at least > in my mind, even though it may be undesirable, it may be a necessary > action. Anyone know why we have to get a drivers license? How about a > passport? What about a SSN? All of these things are ways in which we > can have accountability. Without accountability we will remain in > anarchy. All that government does is bridge a gap when corporations, > which only do things for profit, will not collaborate on an appropriate > solution to a problem, even though one exists. > > -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
RE: Unplugging spamming PCs
--On Thursday, June 24, 2004 11:17 AM -0700 Larry Pingree <[EMAIL PROTECTED]> wrote: Hi Joe, If only those who are approved email senders are allowed to be accepted, this allows police, FBI, or DHS to go after only those who are registered and abusing it. It's for the same purpose that we administer car registrations, so that at the end of the day, someone is responsible for the car. In this case, someone can be responsible for the domain and mail server. In its current state, we are left way in the open. I don't disagree that government control is un-desirable, but remember, at least in my mind, even though it may be undesirable, it may be a necessary action. Anyone know why we have to get a drivers license? How about a passport? What about a SSN? All of these things are ways in which we can have accountability. Without accountability we will remain in anarchy. All that government does is bridge a gap when corporations, which only do things for profit, will not collaborate on an appropriate solution to a problem, even though one exists. But why stop at email servers? spam is only one of the unsociable and illegal acts happening on the Internet. Why not license ownership of every IP capable device? That'll stop all forms of DoS (DDoS and otherwise too). Just to make sure, let's require that all vendors both inspect the license from their customers *and* notify the government on every purchase or upgrade. Hmm. Which government though? Better to be safe... you can't be sure which country the device is being installed in, or which country the packets flowing through the device will also visit. So let's require licenses from every country... and vendors to notify every government on every purchase or upgrade. Yep, that'll do the trick.
RE: Unplugging spamming PCs
But if you telnet from an IP that is not registered, you would be denied. Thus at least eliminating many of the erroneous email servers out there on the DSL, dial-up and other broadband connections, this has been tried in the open with such things as MABS RBL, etc by blocking common spamming IP's and mail servers. But since it is not mandatory, it falls apart too easily. LP Best Regards, Larry Larry Pingree "Visionary people, are visionary, partly because of the great many things they never get to see." - Larry Pingree -Original Message- From: Joe Hamelin [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 23, 2004 5:26 PM To: Larry Pingree Cc: [EMAIL PROTECTED] Subject: Re: Unplugging spamming PCs On Wed, 23 Jun 2004 16:40:23 -0700, Larry Pingree <[EMAIL PROTECTED]> wrote: > I agree with you it's a hard problem to solve. But unless there is > mandatory cooperation within mail server software (which can be > monitored) to interface with a registry of acceptable/registered sites, > then this model could work. I can telnet to a mailserver and send mail to that host without much thought. What good will a registry do? What will solve spam is getting some of these virus writers to actually write some code that will trash disks of poorly patched (if a at all) hosts. Let Darwin take over. -Joe
RE: Unplugging spamming PCs
Hi Joe, If only those who are approved email senders are allowed to be accepted, this allows police, FBI, or DHS to go after only those who are registered and abusing it. It's for the same purpose that we administer car registrations, so that at the end of the day, someone is responsible for the car. In this case, someone can be responsible for the domain and mail server. In its current state, we are left way in the open. I don't disagree that government control is un-desirable, but remember, at least in my mind, even though it may be undesirable, it may be a necessary action. Anyone know why we have to get a drivers license? How about a passport? What about a SSN? All of these things are ways in which we can have accountability. Without accountability we will remain in anarchy. All that government does is bridge a gap when corporations, which only do things for profit, will not collaborate on an appropriate solution to a problem, even though one exists. LP Best Regards, Larry Larry Pingree "Visionary people, are visionary, partly because of the great many things they never get to see." - Larry Pingree -Original Message- From: Joe Hamelin [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 23, 2004 5:26 PM To: Larry Pingree Cc: [EMAIL PROTECTED] Subject: Re: Unplugging spamming PCs On Wed, 23 Jun 2004 16:40:23 -0700, Larry Pingree <[EMAIL PROTECTED]> wrote: > I agree with you it's a hard problem to solve. But unless there is > mandatory cooperation within mail server software (which can be > monitored) to interface with a registry of acceptable/registered sites, > then this model could work. I can telnet to a mailserver and send mail to that host without much thought. What good will a registry do? What will solve spam is getting some of these virus writers to actually write some code that will trash disks of poorly patched (if a at all) hosts. Let Darwin take over. -Joe
Re: Unplugging spamming PCs
> That sentence is A joke 15000 subscribers affected A joke? Doing hard time is no joke. > http://www.reuters.com/newsArticle.jhtml; > jsessionid=IPQ4NZVA4P24ACRBAELCFEY?type=technologyNews&storyID=5504916 Maybe I read the Russian wrong here http://www.echel.ru/news/?page=2&id=3421#3421 but it seemed to me like he was sentenced to two years with the possibility of early release after one year. Nevertheless, when you read the details of what he actually did, this is a real wakeup call for anyone in Russia who sends spam. The police take it as seriously as releasing viruses or worms. Wouldn't we all like to see our courts treat spammers this way? Write a few lines of PERL to pump out SPAM and go to jail. --Michael Dillon
Re: Unplugging spamming PCs
That sentence is A joke 15000 subscribers affected Court Convicts Obscene Text Messager http://www.reuters.com/newsArticle.jhtml;jsessionid=IPQ4NZVA4P24ACRBAELCFEY?type=technologyNews&storyID=5504916 --- [EMAIL PROTECTED] wrote: > > > And again, much of this comes down to enforcement. > When was the last > > time you heard of a spammer's domain being pulled? > How about the last > > time you saw a spammer be even remotely bothered > by having their > > domain pulled? Do you think they'll really care > less about losing a > > mail server when they've got another dozen lined > up ready and waiting? > > Well, just a couple of days ago I read about a > Russian court in > Chelyabinsk that sentenced a spammer to two years in > prison. It's > the first conviction under a Russian law that > forbids the use > of malicious software and the court felt that the > spamming scripts > used by this guy were malicious software. > > What he did was to send text messages to mobile > phone > subscribers of a single company by means of a web > gateway. > I think the main reason he was put on trial was > because the > mobile operator whose customers were getting the > spam and > whose gateway was being misused, went to the police > and > complained. How many ISPs in the USA go to the > police and > register official complaints about spammers? We have > lots > of smart people who can track down and identify > spammers > but it does no good unless the companies who suffer > damage > register an official police complaint. > > --Michael Dillon >
Re: Unplugging spamming PCs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Larry Pingree wrote: | Mail servers should be registered just like domains and shutdown by a | registrar if they are misusing their registered services. This really | needs to be handled by a multi-lateral legal solution, industry will not | fix it alone. Very bad, very unworkable solution. There's just too many mail servers out there (legitimate ones) for this to be even remotely feasible. Systems like SPF are on the right tracks but it's still not a very elegant solution. My vote is still for some kind of public key authentication built around already existing protocols (TLS for example). The free e-mail providers would be number one on my list to implement this! It'd still be a lot of work and require total cooperation from the Internet community, however. Of course, if I knew a total solution that'd please everyone I wouldn't be sitting here writing this. I'd be sitting on my private Island in the South Pacific sipping cocktails :-) Chris - -- Chris Horry KG4TSM "You're original, with your own path [EMAIL PROTECTED] You're original, got your own way" PGP: DSA/2B4C654E-- Leftfield -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFA2uFTnAAeGCtMZU4RAkB0AJ9Hg8Y/zK4KO7kBqqHyYrIMYqXlrACfbwnC owpXEEltr3LD7hdhEcMeitY= =G1Fw -END PGP SIGNATURE-
Re: Unplugging spamming PCs
> And again, much of this comes down to enforcement. When was the last > time you heard of a spammer's domain being pulled? How about the last > time you saw a spammer be even remotely bothered by having their > domain pulled? Do you think they'll really care less about losing a > mail server when they've got another dozen lined up ready and waiting? Well, just a couple of days ago I read about a Russian court in Chelyabinsk that sentenced a spammer to two years in prison. It's the first conviction under a Russian law that forbids the use of malicious software and the court felt that the spamming scripts used by this guy were malicious software. What he did was to send text messages to mobile phone subscribers of a single company by means of a web gateway. I think the main reason he was put on trial was because the mobile operator whose customers were getting the spam and whose gateway was being misused, went to the police and complained. How many ISPs in the USA go to the police and register official complaints about spammers? We have lots of smart people who can track down and identify spammers but it does no good unless the companies who suffer damage register an official police complaint. --Michael Dillon
Re: Unplugging spamming PCs
Larry Pingree wrote: > Can you suggest another method that would have more accuracy? I think > it's ridiculous that every service on the internet is provided without > any authentication and integrity services, if we allowed anyone to > call from anywhere within the telephone network, you'd have rampant > falsification, which is what we have today. It is these characteristics that has made the Internet work and grow the way it has. You comment about the telephone network; Erm, that's just the way it works today - the AAA is in the SS7/C7/etc. layer, similar to BGP in IP. The problem being raised in this thread is too old to solve this way. If e-mail was regulated from early on, then it may have worked. Now there are too many ways to get around any regulations proposed. Anyhow, I don't want my e-mail correspondants vetted and approved by a (never neutral) third party. Peter
Re: Unplugging spamming PCs
On Wed, 23 Jun 2004 16:40:23 -0700, Larry Pingree <[EMAIL PROTECTED]> wrote: > I agree with you it's a hard problem to solve. But unless there is > mandatory cooperation within mail server software (which can be > monitored) to interface with a registry of acceptable/registered sites, > then this model could work. I can telnet to a mailserver and send mail to that host without much thought. What good will a registry do? What will solve spam is getting some of these virus writers to actually write some code that will trash disks of poorly patched (if a at all) hosts. Let Darwin take over. -Joe
RE: Unplugging spamming PCs
Hi Peter, I agree with you it's a hard problem to solve. But unless there is mandatory cooperation within mail server software (which can be monitored) to interface with a registry of acceptable/registered sites, then this model could work. Is it perfect, no. And so far, I've not seen any technology that will solve this problem. So I default and say it's a problem that must be solved with agreements between countries that can provide registries that all (valid) mail servers must register. Then at least our spammer enforcement is dwindled down to those who go through some sort of process, that can be validated physically, i.e. Address, Company name, etc, etc... And then enforcement can be done only to those who misbehave that are validated and authenticated. Can you suggest another method that would have more accuracy? I think it's ridiculous that every service on the internet is provided without any authentication and integrity services, if we allowed anyone to call from anywhere within the telephone network, you'd have rampant falsification, which is what we have today. LP Best Regards, Larry Larry Pingree "Visionary people, are visionary, partly because of the great many things they never get to see." - Larry Pingree -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Corlett Sent: Wednesday, June 23, 2004 4:11 PM To: [EMAIL PROTECTED] Subject: Re: Unplugging spamming PCs Larry Pingree <[EMAIL PROTECTED]> wrote: > Mail servers should be registered just like domains and shutdown by > a registrar if they are misusing their registered services. This > really needs to be handled by a multi-lateral legal solution, > industry will not fix it alone. Yes, that's just what we need. More unworkable legislation that nobody'll bother to enforce in the intended manner anyway. It's not as if many of the things one has to do to spam effectively isn't already good for a few years behind bars, yet I don't exactly see prisons bulging with spammers. Let's suppose mail servers are registered like domains. What mechanism is there going to be in place to shut down the mail server if it starts misbehaving? Sending in the Marines? And again, much of this comes down to enforcement. When was the last time you heard of a spammer's domain being pulled? How about the last time you saw a spammer be even remotely bothered by having their domain pulled? Do you think they'll really care less about losing a mail server when they've got another dozen lined up ready and waiting? -- PGP key ID E85DC776 - finger [EMAIL PROTECTED] for full key
Re: Unplugging spamming PCs
Larry Pingree <[EMAIL PROTECTED]> wrote: > Mail servers should be registered just like domains and shutdown by > a registrar if they are misusing their registered services. This > really needs to be handled by a multi-lateral legal solution, > industry will not fix it alone. Yes, that's just what we need. More unworkable legislation that nobody'll bother to enforce in the intended manner anyway. It's not as if many of the things one has to do to spam effectively isn't already good for a few years behind bars, yet I don't exactly see prisons bulging with spammers. Let's suppose mail servers are registered like domains. What mechanism is there going to be in place to shut down the mail server if it starts misbehaving? Sending in the Marines? And again, much of this comes down to enforcement. When was the last time you heard of a spammer's domain being pulled? How about the last time you saw a spammer be even remotely bothered by having their domain pulled? Do you think they'll really care less about losing a mail server when they've got another dozen lined up ready and waiting? -- PGP key ID E85DC776 - finger [EMAIL PROTECTED] for full key
RE: Unplugging spamming PCs
Mail servers should be registered just like domains and shutdown by a registrar if they are misusing their registered services. This really needs to be handled by a multi-lateral legal solution, industry will not fix it alone. LP Best Regards, Larry Larry Pingree Partner Engineering Juniper Networks, Inc. 408-543-2190 "Visionary people, are visionary, partly because of the great many things they never get to see." - Larry Pingree Juniper Networks Logo -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Petri Helenius Sent: Wednesday, June 23, 2004 1:15 PM To: Sam Hayes Merritt, III Cc: [EMAIL PROTECTED] Subject: Re: Unplugging spamming PCs Sam Hayes Merritt, III wrote: > >Proactive would be blocking port 25 except to comcast.net's mail servers, >at least on retail users without static IPs, and then opening it up if >the customer cannot work around it by using comcast's mail server to send >out. Thats what responsible ISPs have done. > > No, that would be punishing before the crime happened. Responsible would be to punish swiftly after the fact, but not before. Pete
Re: Unplugging spamming PCs
Sam Hayes Merritt, III wrote: Proactive would be blocking port 25 except to comcast.net's mail servers, at least on retail users without static IPs, and then opening it up if the customer cannot work around it by using comcast's mail server to send out. Thats what responsible ISPs have done. No, that would be punishing before the crime happened. Responsible would be to punish swiftly after the fact, but not before. Pete
Re: Unplugging spamming PCs
At 10:07 AM 6/23/2004, Sam Hayes Merritt, III wrote: That is still reactive (first the abuse has to occur, then you try and filter anymore from occuring), at least they might be now be doing something that everyone else has been doing for years. To me, this smacks of an intent to continue ignoring the root cause of the problem(the box is 0wnz0r3d) and just shoving it under the rug. When these customers move to another provider, they will still have the problem, and the cost of educating the customer (w/r/t spam, virii, etc) gets shunted to the next ISP the customer moves to. ~Ben --- Ben Browning <[EMAIL PROTECTED]> The River Internet Access Co. WA Operations Manager 1-877-88-RIVER http://www.theriver.com
Re: Unplugging spamming PCs
warning. this is about spamming pc's. hit D now. > [comcast] [is] definitely not taking the "hard line against spam" either, > but at least they are making an effort. sure, if you mean their marketing department is making an effort to insulate their sales department from decreasing revenue by taking a hard line against spam, and to insulate their eng/ops from increasing costs by taking a hard line against spam. this group of vendors wants to stamp out what they call "wild spam" in order to make the world safe for pink contracts and what we call "mainsleaze spam". as long as it doesn't increase their costs or decrease their revenues that is. yahoo domainkeys and microsoft callerid are wonderful technologies if you care about preventing the yahoo and microsoft domain/trademark names from being diluted by spammers. but even at full implementation, the only impact will be to protect domainholders against sender-forgery, at which point the spammers will have to use real domain names they get from .biz at $5 each, and the total spam sent continue to rise month by month. and what a marketing triumph THAT will be. -- Paul Vixie
Re: Unplugging spamming PCs
My bad! I was too busy with that pesky little thing called "work" to scrutinize my grammar before I sent ;-) It is reactive, but they are at least doing something. Completely blocking port 25 (except to comcast mail servers) will stop zombies, but not people intentionally sending spam. Anyone with a shell account can still forward traffic from an arbitrary port to 25 on an open relay. They are definitely not taking the "hard line against spam" either, but at least they are making an effort. On Wed, 23 Jun 2004 12:07:27 -0500 (CDT), Sam Hayes Merritt, III <[EMAIL PROTECTED]> wrote: > > > On Wed, 23 Jun 2004, Brett wrote: > > > At least they now realize they are one of the worst and are finally > > becoming proactive: > > > > http://zdnet.com.com/2100-1104-5230615.html > > > > They are also starting to block port 25. > > That is still reactive (first the abuse has to occur, then you try and > filter anymore from occuring), at least they might be now be doing > something that everyone else has been doing for years. > > So far today we've only blocked 3381 attempts from dynamic comcast.net > space to send email to our users. > > Proactive would be blocking port 25 except to comcast.net's mail servers, > at least on retail users without static IPs, and then opening it up if > the customer cannot work around it by using comcast's mail server to send > out. Thats what responsible ISPs have done. > > > sam > >
Re: Unplugging spamming PCs
According to my daily log reports, I cannot tell! Comcast persistently remains the number 1 source of zombie spamming to my network. == Our Anti-spam solution works!! http://www.clickdoug.com/mailfilter.cfm For hosting solutions http://www.clickdoug.com http://www.forta.com/cf/isp/isp.cfm?isp_id=1069 == : : At least they now realize they are one of the worst and are finally : becoming proactive: : : http://zdnet.com.com/2100-1104-5230615.html : : They are also starting to block port 25. : : -b : : : On Wed, 23 Jun 2004 12:27:50 -0400, William Warren : <[EMAIL PROTECTED]> wrote: : > : > : > one of those members is comcast..the #1 source of spam for a : > while running..ironic isn't it? : > : > : > : > Hank Nussbacher wrote: : > : > > http://www.cnn.com/2004/TECH/internet/06/22/tech.spam.reut/index.html : > > : > > "Consumers who allow their infected computers to send out millions of : > > "spam" messages could be unplugged from the Internet under a proposal : > > released Tuesday by six large e-mail providers." : > > : > > -Hank : > > : > : > -- : > My "Foundation" verse: : > Isa 54:17 No weapon that is formed against thee shall prosper; : > and every tongue that shall rise against thee in judgment thou : > shalt condemn. This is the heritage of the servants of the LORD, : > and their righteousness is of me, saith the LORD. : > : > -- carpe ductum -- "Grab the tape" : > : :
Re: Unplugging spamming PCs
On Wed, 23 Jun 2004, Brett wrote: > At least they now realize they are one of the worst and are finally > becoming proactive: > > http://zdnet.com.com/2100-1104-5230615.html > > They are also starting to block port 25. That is still reactive (first the abuse has to occur, then you try and filter anymore from occuring), at least they might be now be doing something that everyone else has been doing for years. So far today we've only blocked 3381 attempts from dynamic comcast.net space to send email to our users. Proactive would be blocking port 25 except to comcast.net's mail servers, at least on retail users without static IPs, and then opening it up if the customer cannot work around it by using comcast's mail server to send out. Thats what responsible ISPs have done. sam
Re: Unplugging spamming PCs
At least they now realize they are one of the worst and are finally becoming proactive: http://zdnet.com.com/2100-1104-5230615.html They are also starting to block port 25. -b On Wed, 23 Jun 2004 12:27:50 -0400, William Warren <[EMAIL PROTECTED]> wrote: > > > one of those members is comcast..the #1 source of spam for a > while running..ironic isn't it? > > > > Hank Nussbacher wrote: > > > http://www.cnn.com/2004/TECH/internet/06/22/tech.spam.reut/index.html > > > > "Consumers who allow their infected computers to send out millions of > > "spam" messages could be unplugged from the Internet under a proposal > > released Tuesday by six large e-mail providers." > > > > -Hank > > > > -- > My "Foundation" verse: > Isa 54:17 No weapon that is formed against thee shall prosper; > and every tongue that shall rise against thee in judgment thou > shalt condemn. This is the heritage of the servants of the LORD, > and their righteousness is of me, saith the LORD. > > -- carpe ductum -- "Grab the tape" >
Re: Unplugging spamming PCs
one of those members is comcast..the #1 source of spam for a while running..ironic isn't it? Hank Nussbacher wrote: http://www.cnn.com/2004/TECH/internet/06/22/tech.spam.reut/index.html "Consumers who allow their infected computers to send out millions of "spam" messages could be unplugged from the Internet under a proposal released Tuesday by six large e-mail providers." -Hank -- My "Foundation" verse: Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD. -- carpe ductum -- "Grab the tape"