Re: What changes would you make to stop spam? - United Nations Paper
From: "Magnus Holmgren" <[EMAIL PROTECTED]>

>> For that matter, how in would an IMAP MUA handle BCC?
>> {^_-}
>
> In much the same way as when you send mail with sendmail -t, I suppose. The
> MUA adds a Bcc field and the IMAP server removes it.

That means the IMAP server must communicate with two SMTP files, data and envelope. It has to become an SMTP server itself. It can be a dumb one, though.

It seems like an incredible amount of work for no net gain and considerable net pain. You still have to have sendmail or an equivalent. You need all new IMAP servers. Your MUAs have to learn to drive those all new IMAP servers. And both users and sysadmins will rebel.

{^_^}
Re: What changes would you make to stop spam? - United Nations Paper
On Friday 04 August 2006 05:06, jdow took the opportunity to say:
> From: "Kenneth Porter" <[EMAIL PROTECTED]>
>
> > --On Wednesday, August 02, 2006 12:02 PM -0700 MennovB
> > <[EMAIL PROTECTED]>
> >
> > wrote:
> >> Anyway, IMHO with SYN throttle you would only be rate-limiting the
> >> zombies, I would rather they stopped sending spam completely..
> >
> > What I don't understand is how making them use the ISP server stops them
> > from spamming any more than rate-limiting direct port 25 connections. Why
> > do the packets need to be reassembled in an MTA and stored and forwarded?
> > What does that step buy you?
>
> For that matter, how in would an IMAP MUA handle BCC?
> {^_-}

In much the same way as when you send mail with sendmail -t, I suppose. The MUA adds a Bcc field and the IMAP server removes it.

--
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)
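What `sendmail -t` style submission does with Bcc, as an added example that is not part of the original thread: the submission agent reads To, Cc and Bcc to build the SMTP envelope, then removes the Bcc field from the data it passes on. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.utils import getaddresses

# Constructed sample: the message an MUA hands to the submission agent.
SAMPLE = (
    b"From: Sender <sender@example.org>\r\n"
    b"To: alice@example.org\r\n"
    b"Cc: Bob <bob@example.net>\r\n"
    b"Bcc: carol@example.com, Alice <ALICE@example.org>\r\n"
    b"Subject: lunch\r\n"
    b"\r\n"
    b"Noon works for me.\r\n"
)


def split_envelope(raw):
    """Return (envelope_recipients, data_without_bcc) for one message.

    The envelope is what goes into RCPT TO; the data is what every
    recipient receives. Bcc addresses must appear only in the former.
    """
    msg = message_from_bytes(raw, policy=policy.SMTP)

    # Collect every address named in the recipient header fields.
    fields = []
    for name in ("To", "Cc", "Bcc"):
        fields.extend(str(value) for value in msg.get_all(name, []))

    # De-duplicate (case-insensitively, a simplification) so a recipient
    # listed in both To and Bcc gets one RCPT TO, keeping the first spelling.
    recipients, seen = [], set()
    for _display_name, addr in getaddresses(fields):
        if addr and addr.lower() not in seen:
            seen.add(addr.lower())
            recipients.append(addr)

    # Remove every Bcc field before the message is transmitted as DATA.
    del msg["Bcc"]
    return recipients, msg.as_bytes()


def envelope_commands(sender, recipients):
    """The SMTP envelope commands that precede the DATA payload."""
    commands = [f"MAIL FROM:<{sender}>"]
    commands += [f"RCPT TO:<{rcpt}>" for rcpt in recipients]
    commands.append("DATA")
    return commands


if __name__ == "__main__":
    rcpts, data = split_envelope(SAMPLE)
    for line in envelope_commands("sender@example.org", rcpts):
        print("C:", line)
    print(data.decode("ascii"))
```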
Re: What changes would you make to stop spam? - United Nations Paper
On Fri, August 4, 2006 05:06, jdow wrote:
> For that matter, how in would an IMAP MUA handle BCC?

the exact same way as squirrelmail :-)

--
Benny
Re: What changes would you make to stop spam? - United Nations Paper
John Rudd wrote:
> I've been re-thinking Marc's "IMAP for sending, instead of SMTP" proposal. And this "block Bcc" part got me thinking even more. I think he may be on to something. But let's take it one step further.
>
> Email via fingerd. That'll throw off the spammers.

Wouldn't identd be more apropos?

> And to slow down their spam-bot attacks, I propose we replace the internet backbones with the long-proposed-but-never-implemented IP-via-carrier-pigeon.
>
> We'll need an authentication scheme to go with this. I'm going to suggest a GSSAPI method for wax envelope seals. Perfect for carrier pigeon packets. And _EACH_ packet is individually authenticated. PERFECT!

RFC 1149, I had forgotten about that! This *could* be the answer.

> And we'll send preferred traffic (because we hate net neutrality!) over bongo-net.

Or better yet, use mockingbirds instead of pigeons,

> I think this new internet architecture will stop the spammers in their tracks. No, really, it will.

Either that or get them shat on, which would be a messy affair. :-D

/me goes back to lurking...

--
Craig
Re: What changes would you make to stop spam? - United Nations Paper
On Aug 3, 2006, at 11:16 PM, [EMAIL PROTECTED] wrote:
>> From: "Kenneth Porter" <[EMAIL PROTECTED]>
>>
>>> --On Wednesday, August 02, 2006 12:02 PM -0700 MennovB <[EMAIL PROTECTED]> wrote:
>>>
>>>> Anyway, IMHO with SYN throttle you would only be rate-limiting the
>>>> zombies, I would rather they stopped sending spam completely..
>>>
>>> What I don't understand is how making them use the ISP server stops them
>>> from spamming any more than rate-limiting direct port 25 connections. Why
>>> do the packets need to be reassembled in an MTA and stored and forwarded?
>>> What does that step buy you?
>>
>> For that matter, how in would an IMAP MUA handle BCC?
>> {^_-}
>
> Hi, since a certain amount of spam I get is just bcc'd, making bcc harder could reduce spam :)

I've been re-thinking Marc's "IMAP for sending, instead of SMTP" proposal. And this "block Bcc" part got me thinking even more. I think he may be on to something. But let's take it one step further.

Email via fingerd. That'll throw off the spammers.

And to slow down their spam-bot attacks, I propose we replace the internet backbones with the long-proposed-but-never-implemented IP-via-carrier-pigeon.

We'll need an authentication scheme to go with this. I'm going to suggest a GSSAPI method for wax envelope seals. Perfect for carrier pigeon packets. And _EACH_ packet is individually authenticated. PERFECT!

And we'll send preferred traffic (because we hate net neutrality!) over bongo-net.

I think this new internet architecture will stop the spammers in their tracks. No, really, it will.
Re: What changes would you make to stop spam? - United Nations Paper
>> From: "Kenneth Porter" <[EMAIL PROTECTED]> >> >> > --On Wednesday, August 02, 2006 12:02 PM -0700 MennovB <[EMAIL PROTECTED]> >> > wrote: >> > >> >> Anyway, IMHO with SYN throttle you would only be rate-limiting the >> >> zombies, I would rather they stopped sending spam completely.. >> > >> > What I don't understand is how making them use the ISP server stops them >> > from spamming any more than rate-limiting direct port 25 connections. Why >> > do the packets need to be reassembled in an MTA and stored and forwarded? >> > What does that step buy you? >> >> For that matter, how in would an IMAP MUA handle BCC? >> {^_-} >> Hi, since a certain amount of spam I get is just bcc'd, making bcc harder could reduce spam :) or make spammers rethink their methods :( Wolfgang Hamann
Re: What changes would you make to stop spam? - United Nations Paper
From: "Kenneth Porter" <[EMAIL PROTECTED]> --On Thursday, August 03, 2006 6:43 AM +0100 Graham Murray <[EMAIL PROTECTED]> wrote: ADSL is both always on and a 'fixed' (ie your phone line is physically connected to a DSLAM port) so the ISPs must have sufficient IP addresses for all their ADSL customers. Not necessarily. A lot of providers have gone to PPPoE, where one goes through an authentication process before being assigned an address. I'm guessing this is intended to allow metering of the connection, not to make more addresses available. It prevents rogue access. {^_^}
Re: What changes would you make to stop spam? - United Nations Paper
From: "Kenneth Porter" <[EMAIL PROTECTED]> --On Wednesday, August 02, 2006 2:47 PM -0700 jdow <[EMAIL PROTECTED]> wrote: That slightly more than a year I spent as perhaps one of the VERY first online stalking victims ever (1985-1987) was a hell I'd rather not repeat. Is this written up somewhere? I'd be interested in understanding the threat. Brock Meeks (former MSNBC Chief Washington Correspondent) wrote it up in about 1987. If you can contact him he might have a writeup around. All I have, if I can find it, is a printed copy. And given copyright laws I'm not going to type it into a computer and post it. {^_^}
Re: What changes would you make to stop spam? - United Nations Paper
From: "Kenneth Porter" <[EMAIL PROTECTED]> --On Wednesday, August 02, 2006 12:02 PM -0700 MennovB <[EMAIL PROTECTED]> wrote: Anyway, IMHO with SYN throttle you would only be rate-limiting the zombies, I would rather they stopped sending spam completely.. What I don't understand is how making them use the ISP server stops them from spamming any more than rate-limiting direct port 25 connections. Why do the packets need to be reassembled in an MTA and stored and forwarded? What does that step buy you? For that matter, how in would an IMAP MUA handle BCC? {^_-}
Re: What changes would you make to stop spam? - United Nations Paper
From: "MennovB" <[EMAIL PROTECTED]>

> jdow wrote:
>> The direct in that case is probably the fault of the underlying cable
>> provider more than Earthlink. Did the spam come through the Earthlink
>> servers or merely from an address that claimed to be Earthlink? By the
>> way, there is no such address as "cable.earthlink.net". The address
>> may have been spoofed.
>
> Of course cable.earthlink.net does not exist, you must be joking ;-) and no

===8<---
[EMAIL PROTECTED] ~]$ ping cable.earthlink.net
ping: unknown host cable.earthlink.net
[EMAIL PROTECTED] ~]$
[EMAIL PROTECTED] ~]$ host cable.earthlink.net
[EMAIL PROTECTED] ~]$ dig cable.earthlink.net any

; <<>> DiG 9.3.1 <<>> cable.earthlink.net any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32859
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;cable.earthlink.net.           IN      ANY

;; ANSWER SECTION:
cable.earthlink.net.    86400   IN      NS      itchy.earthlink.net.
cable.earthlink.net.    86400   IN      NS      scratchy.earthlink.net.
cable.earthlink.net.    86400   IN      SOA     itchy.earthlink.net. hostmaster.earthlink.net. 2005031800 86400 3600 2592000 86400

;; AUTHORITY SECTION:
cable.earthlink.net.    86400   IN      NS      scratchy.earthlink.net.
cable.earthlink.net.    86400   IN      NS      itchy.earthlink.net.

;; ADDITIONAL SECTION:
itchy.earthlink.net.    1484    IN      A       207.69.188.196
scratchy.earthlink.net. 1484    IN      A       207.69.188.197

;; Query time: 34 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug  3 19:59:24 2006
;; MSG SIZE  rcvd: 187

[EMAIL PROTECTED] ~]$ whois 24.41.24.117
[Querying whois.arin.net]
[whois.arin.net]
EarthLink Network, Inc. EARTHLINK-CABLE (NET-24-41-0-0-1)
                                  24.41.0.0 - 24.41.95.255
Charter Cable/Monterey Park LAN CBLMPLAN-USER0134 (NET-24-41-24-112-1)
                                  24.41.24.112 - 24.41.24.119
===8<---

No, I am not kidding or joking. It apparently does not exist. (Although the response to "host" is intriguing.) The dig any report shows it "exists" but has no address of its own. Go figure.

If it has no address how can it be sent from cable.earthlink.net. I guess only its subdomains exist. It is also Charter Cable in Monterey Park. So it is probably a Charter Cable problem. (That must be a very small corporate block for them or something like that.) Cable providers seem to be remarkably lax on security. That probably does not have port 25 blocked. Did the email submission go through smtpauth.earthlink.net or some other route? If it didn't go through smtpauth.earthlink.net it is not Earthlink originated spam.

> it is not spoofed. I mentioned 'cable' so that you could see it is not sent
> through the server but directly, meaning port 25 to the Internet seems still
> wide open for that host.
> Here's the complete address: user-0c2i63l.cable.earthlink.net [24.41.24.117]
> Spamassassin got that one fine with URIBL_JP_SURBL and GAPPY_SUBJECT!
> But I rather didn't get it at all.. I know I want too much (or too little in
> this case).

It looks like Earthlink needs to protect its name from Charter Cable's predations.

{^_^}
Re: What changes would you make to stop spam? - United Nations Paper
On Wed, 2 Aug 2006, John Andersen wrote:

> On Wednesday 02 August 2006 20:55, Sanford Whiteman wrote:
> > Because of that experience, I find myself
> > agreeing with the overall reaction of, in essence: "Kill me now, if
> > his proposal is going to be disseminated by any entity who doesn't
> > have enough techies on staff to shoot it down."
>
> Sandy: you have a special skill for telling people to go to hell and having
> them looking forward to the trip.
>
> I enjoyed your approach.

Ditto. {applause}

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
 A weapons registration phase ... 4) allows for a degree of control
 to be exercised during the collection phase; 5) assists in the
 planning of the collection phase; ...
   -- the UN, who "doesn't want to confiscate guns"
---
Re: What changes would you make to stop spam? - United Nations Paper
Kenneth Porter wrote: > > Will ISP's do anything? Are they doing anything now for outbound spam? > They will have to otherwise they will end up in a blacklist ;-) Most of the ISP's here are already scanning on inbound spam, not too hard to do it for outgoing then. The ISP I use the most reacts quite fast on abuse. And they have already used an automatically shutoff of clients in the time of virus outbreaks, that traffic got detected and then all you could access was 1 page with an explanation how to get connected again. That's doable too by counting the amount of outgoing spam I think. > BTW, are there any SMTP providers operating independent of ISP's, sorta > like independent newsgroup providers, so that one can use authenticated > SMTP over the submission port to that provider instead of one's ISP? > Yes, the ones who I know about offer anti SPAM/virus services. We've used cleanport for a while for that. It wasn't authenticated but firewalled, SMTP was only opened up for certain IP-addresses of ours. Regards Menno -- View this message in context: http://www.nabble.com/What-changes-would-you-make-to-stop-spamUnited-Nations-Paper-tf2035870.html#a5636668 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: What changes would you make to stop spam? - United Nations Paper
Marc Perkel wrote: So you think that viruses are going to know how to find and decrypt the passwords of all email programs? Network sniffers, keystroke loggers, weak encryption, maliciously patching the email app -- that's four possibilities off the top of my head. They don't even need to be able to handle all of them -- just the more popular ones. -- Kelson Vibber SpeedGate Communications
Re: What changes would you make to stop spam? - United Nations Paper
--On Thursday, August 03, 2006 8:47 AM -0700 MennovB <[EMAIL PROTECTED]> wrote: I don't want to make the zombies use the ISP's SMTP server, I want to stop them from spamming. Right now they can only connect directly to the Internet so if the ISP blocks direct SMTP outgoing the zombies stop working, they can't deliver their spam. Ok, that addresses the existing direct-to-MX zombies. Probably they will then be adapted to figure out and use the ISP's SMTP server, but that makes them easy to detect for the ISP. Will ISP's do anything? Are they doing anything now for outbound spam? Apart from the SMTP-servers from the ISP there may be some other addresses you legitimately want to access with SMTP, could be serviced by the ISP with a web-interface where you can configure a certain number of accessible IP-addressess. I'd rather it be completely open to anyone who's demonstrated having a clue. BTW, are there any SMTP providers operating independent of ISP's, sorta like independent newsgroup providers, so that one can use authenticated SMTP over the submission port to that provider instead of one's ISP?
Re: What changes would you make to stop spam? - United Nations Paper
--On Thursday, August 03, 2006 6:43 AM +0100 Graham Murray <[EMAIL PROTECTED]> wrote: ADSL is both always on and a 'fixed' (ie your phone line is physically connected to a DSLAM port) so the ISPs must have sufficient IP addresses for all their ADSL customers. Not necessarily. A lot of providers have gone to PPPoE, where one goes through an authentication process before being assigned an address. I'm guessing this is intended to allow metering of the connection, not to make more addresses available.
Re: What changes would you make to stop spam? - United Nations Paper
--On Wednesday, August 02, 2006 2:47 PM -0700 jdow <[EMAIL PROTECTED]> wrote: That slightly more than a year I spent as perhaps one of the VERY first online stalking victims ever (1985-1987) was a hell I'd rather not repeat. Is this written up somewhere? I'd be interested in understanding the threat.
Re: What changes would you make to stop spam? - United Nations Paper
--On Wednesday, August 02, 2006 3:25 PM -0700 jdow <[EMAIL PROTECTED]> wrote: I keep several gigabytes of email data around. With POP3 it is easy to store locally. With IMAP it's a pain in the . My boss logs in from several computers, including a laptop he takes everywhere. I got tired of keeping all his POP3 mail stores in sync using scripts, so I switched him to IMAP, and set Mozilla on his clients to keep local mirrors (particularly important for detached work). The wire-level work is about the same, but I don't have to maintain a bunch of scripts anymore. It's our server, not an ISP's, so we don't have to worry about size constraints. (And this is also an argument for allowing savvy users to operate servers at home, to provide high-volume mail storage accessible from anywhere in the world.)
Re: What changes would you make to stop spam? - United Nations Paper
Kenneth Porter wrote: > > What I don't understand is how making them use the ISP server stops them > from spamming any more than rate-limiting direct port 25 connections. Why > do the packets need to be reassembled in an MTA and stored and forwarded? > What does that step buy you? > I don't want to make the zombies use the ISP's SMTP server, I want to stop them from spamming. Right now they can only connect directly to the Internet so if the ISP blocks direct SMTP outgoing the zombies stop working, they can't deliver their spam. Probably they will then be adapted to figure out and use the ISP's SMTP server, but that makes them easy to detect for the ISP. Apart from the SMTP-servers from the ISP there may be some other addresses you legitimately want to access with SMTP, could be serviced by the ISP with a web-interface where you can configure a certain number of accessible IP-addressess. Regards Menno van Bennekom -- View this message in context: http://www.nabble.com/What-changes-would-you-make-to-stop-spamUnited-Nations-Paper-tf2035870.html#a5635088 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: What changes would you make to stop spam? - United Nations Paper
--On Wednesday, August 02, 2006 2:03 PM -0500 Logan Shaw <[EMAIL PROTECTED]> wrote: What might really be nice is some sort of language that could be used to write up a document to configure a mail client for a given ISP and user. It could configure all necessary settings and would work with any client, making this a one-step process even if 10 or 20 different settings have to be entered. Is LDAP a reasonable choice for this? At one point Cyrusoft Mulberry was pushing ACAP, but that doesn't seem to have caught on. But it seems like every list I'm on is mentioning LDAP for authentication for some service, so maybe email client settings can be stored there. One then just configures the LDAP login info. One would need to standardize an LDAP schema for this configuration, though.
Re: What changes would you make to stop spam? - United Nations Paper
--On Wednesday, August 02, 2006 12:02 PM -0700 MennovB <[EMAIL PROTECTED]> wrote: Anyway, IMHO with SYN throttle you would only be rate-limiting the zombies, I would rather they stopped sending spam completely.. What I don't understand is how making them use the ISP server stops them from spamming any more than rate-limiting direct port 25 connections. Why do the packets need to be reassembled in an MTA and stored and forwarded? What does that step buy you?
Re: What changes would you make to stop spam? - United Nations Paper
jdow wrote: > > The direct in that case is probably the fault of the underlying cable > provider more than Earthlink. Did the spam come through the Earthlink > servers or merely from an address that claimed to be Earthlink? By the > way, there is no such address as "cable.earthlink.net". The address > may have been spoofed. > Of course cable.earthlink.net does not exist, you must be joking ;-) and no it is not spoofed. I mentioned 'cable' so that you could see it is not sent through the server but directly, meaning port 25 to the Internet seems still wide open for that host. Here's the complete address: user-0c2i63l.cable.earthlink.net [24.41.24.117] Spamassassin got that one fine with URIBL_JP_SURBL and GAPPY_SUBJECT! But I rather didn't get it at all.. I know I want too much (or too little in this case). Regards Menno -- View this message in context: http://www.nabble.com/What-changes-would-you-make-to-stop-spamUnited-Nations-Paper-tf2035870.html#a5629948 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: What changes would you make to stop spam? - United Nations Paper
From: "MennovB" <[EMAIL PROTECTED]>

> jdow wrote:
>> Menno, if the Earthlink "progressive delays" strategy is adopted then
>> even spam relayed through ISPs becomes time expensive.
>
> Personally I don't believe much in delaying/throttling, there are so much
> zombies that it's just a matter of dispersing the load intelligently. I can
> see in my mail-logs in the rejects that tactics like that are used, many of
> the same spam arrives at the same moment on our server coming from different
> addresses all over the world. And each zombie picks another one of our
> mailaddresses that got on a spamlist.
> But there is also a spambot-version that uses a kind of burst-mode, in about
> 1 minute it spams all addresses on the spamlist at topspeed and then that
> zombie is (until now) never used again, so blocking it on IP is somewhat
> useless. Maybe throttling that one can help a little, but not very much I
> think.

One nice thing about throttling is that it gives the BLs more time to list the spam engine/zombie. Every little bit helps.

(Add some real AI to the picture and you can figure out a user's email profile and look for changes. The trick is to distinguish "user home sick" from "machine sick with zombie disease". I suspect it can be done. Of course, if the email pattern for a user is violated then divert a copy of the email, run it through something like SpamAssassin, and discard it. If it hits as positive spam then shut down the user's connection to get their attention. (Use routers to force EVERYTHING to a support web site with the message that "Your machine is sending spam. It may be infected. Please communicate with the support people for help fixing the problem.")

> jdow wrote:
>> Add to that smtp-auth pointing directly to the perpetrator and Earthlink
>> has a clear excuse to block email except to their help desk or even to
>> block all Internet access except to a page of their own suggesting
>> that the perpetrator or malware on the perpetrator's machine is spewing
>> spam and the situation should be remedied. "Help can be found here"
>>
>> Of course, then if you have the spammer friendly ISPs and registrars
>> in the picture it's all null and void.
>>
>> Something I do not know and suspect is REALLY hard to ascertain until
>> recently when Earthlink went smtpauth only, is how much REAL spam
>> actually does originate from Earthlink servers. If there is much they
>> are certainly canny enough not to spam Earthlink customers for some
>> reason.
>
> I have no knowledge about the Earthlink situation, is direct SMTP is
> blocked? By the way here dialup/dynamic addresses are becoming a rarity (or
> at least you keep your address for several months even on dynamic cable) so
> mostly you don't need SMTP-auth to find the spammer.
> There is very little spam coming in here from Earthlink, the last one (that
> is detected) is from July the 28 coming directly from a cable.earthlink.net
> address advertising an erotic site. So I guess this means direct SMTP is
> still possible, too bad IMHO..

At present it appears Verizon, the DSL provider here, may have port 25 blocked here. Their email servers do NOT accept user email to port 25, I believe. Nope - can't access it, whether due to the Verizon block or their servers not accepting the connection. 587 with authentication works just fine.

The direct in that case is probably the fault of the underlying cable provider more than Earthlink. Did the spam come through the Earthlink servers or merely from an address that claimed to be Earthlink? By the way, there is no such address as "cable.earthlink.net". The address may have been spoofed.

{^_^} {^_^}
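The outbound check discussed in this exchange (count each customer's outgoing mail, compare it with that customer's usual rate, and catch the burst-mode sender), sketched as an added example that is not from the thread. The log format, customer ids, per-customer baselines, thresholds and sample lines are all constructed for illustration; a real deployment would read its own MTA's submission log.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # sliding window, matching the "about 1 minute" burst
FLOOR = 10                      # never flag at or below this many messages per window
FACTOR = 5                      # flag above FACTOR times the customer's usual rate

# Hypothetical profile: usual messages per window for each authenticated customer.
BASELINE = {"u1001": 1.0, "u2002": 1.0, "u3003": 30.0}


def constructed_log():
    """Build constructed submission-log lines: '<iso time> user=<id> rcpt=<addr>'."""
    start = datetime(2006, 8, 3, 19, 0, 0)
    lines = []
    # u1001: ordinary customer, three messages over ten minutes.
    for i in range(3):
        t = start + timedelta(minutes=5 * i)
        lines.append(f"{t.isoformat()} user=u1001 rcpt=friend{i}@example.org")
    # u2002: burst-mode sender, 40 distinct recipients in 40 seconds.
    for i in range(40):
        t = start + timedelta(minutes=2, seconds=i)
        lines.append(f"{t.isoformat()} user=u2002 rcpt=addr{i}@example.net")
    # u3003: high-volume customer whose profile already allows this rate.
    for i in range(50):
        t = start + timedelta(minutes=3, seconds=i)
        lines.append(f"{t.isoformat()} user=u3003 rcpt=member{i}@example.com")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, user, recipient)."""
    stamp, user, rcpt = line.split()
    return (datetime.fromisoformat(stamp),
            user.split("=", 1)[1],
            rcpt.split("=", 1)[1])


def threshold_for(user):
    """Per-customer limit: a fixed floor, raised for customers who normally send more."""
    return max(FLOOR, FACTOR * BASELINE.get(user, 1.0))


def find_bursts(lines):
    """Return {user: details} for the first moment each user exceeds the limit."""
    recent = defaultdict(deque)  # user -> (timestamp, rcpt) pairs inside the window
    flagged = {}
    for stamp, user, rcpt in sorted(map(parse_line, lines)):
        window = recent[user]
        window.append((stamp, rcpt))
        # Drop entries that have aged out of the sliding window.
        while stamp - window[0][0] > WINDOW:
            window.popleft()
        if user not in flagged and len(window) > threshold_for(user):
            # This is the point where the thread's follow-up actions would start:
            # divert a copy for content scanning, then restrict the connection.
            flagged[user] = {
                "at": stamp,
                "messages": len(window),
                "distinct_rcpts": len({r for _, r in window}),
            }
    return flagged


if __name__ == "__main__":
    for user, info in find_bursts(constructed_log()).items():
        print(user, info["at"].isoformat(), info["messages"], info["distinct_rcpts"])
```

Comparing against a per-customer baseline rather than one global limit is what keeps the high-volume customer (u3003) from being flagged while the burst from u2002 is caught eleven seconds in.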
Re: What changes would you make to stop spam? - United Nations Paper
jdow wrote: > > Menno, if the Earthlink "progressive delays" strategy is adopted then > even spam relayed through ISPs becomes time expensive. > Personally I don't believe much in delaying/throttling, there are so much zombies that it's just a matter of dispersing the load intelligently. I can see in my mail-logs in the rejects that tactics like that are used, many of the same spam arrives at the same moment on our server coming from different addresses all over the world. And each zombie picks another one of our mailaddresses that got on a spamlist. But there is also a spambot-version that uses a kind of burst-mode, in about 1 minute it spams all addresses on the spamlist at topspeed and then that zombie is (until now) never used again, so blocking it on IP is somewhat useless. Maybe throttling that one can help a little, but not very much I think. jdow wrote: > > Add to that smtp-auth pointing directly to the perpetrator and Earthlink > has a > clear excuse to block email except to their help desk or even to > block all Internet access except to a page of their own suggesting > that the perpetrator or malware on the perpetrator's machine is spewing > spam and the situation should be remedied. "Help can be found here" > > Of course, then if you have the spammer friendly ISPs and registrars > in the picture it's all null and void. > > Something I do not know and suspect is REALLY hard to ascertain until > recently when Earthlink went smtpauth only, is how much REAL spam > actually does originate from Earthlink servers. If there is much they > are certainly canny enough not to spam Earthlink customers for some > reason. > I have no knowledge about the Earthlink situation, is direct SMTP is blocked? By the way here dialup/dynamic addresses are becoming a rarity (or at least you keep your address for several months even on dynamic cable) so mostly you don't need SMTP-auth to find the spammer. 
There is very little spam coming in here from Earthlink, the last one (that is detected) is from July the 28 coming directly from a cable.earthlink.net address advertising an erotic site. So I guess this means direct SMTP is still possible, too bad IMHO.. Regards Menno -- View this message in context: http://www.nabble.com/What-changes-would-you-make-to-stop-spamUnited-Nations-Paper-tf2035870.html#a5629162 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: What changes would you make to stop spam? - United Nations Paper
> Why use 2 > protocols when you can use one? Oh I don't know. Maybe because the infrastructure for it is already in place in the form of hundreds of thousands of existing mail servers that already require authentication if the message being transmitted isn't destined for a local user? > There would have to be a POP SEND as well. I see. So you're advocating the complete rewrite of two of the most widely used protocols on the Internet, plus the addition of your "solution" to the hundreds or thousands of perfectly good MUAs out there, and for what? So end users don't have to click three or four times in their client while setting up a new account? You're just not getting it. Your idea is bad. Not just bad, but really, really bad. Actually, it's worse than that. It's incredibly stupid. You haven't provided one single advantage to be gained by implementing it, other than end users not having to turn on SMTP AUTH. You're talking about a complete overhaul of the global mail system with no discernable advantage to be gained. Even if the UN (who shouldn't even be bothered with something like this) were to praise your suggestion and recommend its use, you wouldn't get anybody to implement it. It's a horrible, useless idea. Kudos for trying to come up with something revolutionary to address the spam problem, but you failed miserably. Toss this one in the shredder and try again. We'd all like to see a real solution to the problem, and if you can come up with it, fantastic. This isn't it, though. St-
Re: What changes would you make to stop spam? - United Nations Paper
On Wednesday 02 August 2006 23:18, [EMAIL PROTECTED] wrote:
> if a provider's smarthost
> gets blacklisted, users will have a problem. This has happened before

Hundreds of times, to major ISPs. And blacklist sites are not too cooperative in removing bogus blacklistings.

Since all mail from a given ISP typically leaves via one IP address, all it takes is two or three subscribers sending low volumes of spam (like two or three per hour) to get the entire ISP blacklisted.

--
_
John Andersen
Re: What changes would you make to stop spam? - United Nations Paper
Hi Mark, sorry to put this on the list: your mailserver seems to be rejecting mails from millions of potential senders [EMAIL PROTECTED] SMTP error from remote mailer after end of data: host mx.junkemailfilter.com [69.50.231.5]: 550 REJECTED - honeypot - 194.25.134.19 is blacklisted at dnsbl.junkemailfilter.com; -- This is a copy of the message, including all the headers. -- Return-path: <[EMAIL PROTECTED]> Received: from fwd31.aul.t-online.de by mailout06.sul.t-online.com with smtp as an amendment to the discussion about direct smtp vs smarthost: if a provider's smarthost gets blacklisted, users will have a problem. This has happened before Wolfgang Hamann
Re: What changes would you make to stop spam? - United Nations Paper
>> >> >> jdow wrote: >> > From: "Marc Perkel" <[EMAIL PROTECTED]> >> >> >> >> Magnus Holmgren wrote: >> >>> On Wednesday 02 August 2006 14:37, Marc Perkel took the opportunity >> >>> to say: >> >>> >> Why not just eliminate the SMTP protocol for end users and keep >> SMTP as >> a server to server protocol and have users send theit email to the >> server by extending POP/IMAP to send email. It created an >> authenticated >> connection back to the server where the POP/IMAP server hands it >> off to >> the SMTP server. That way email clients aren't using the same protocol >> as email servers. >> >> >>> >> >>> Why? It's not, like, that MUAs try to deliver directly to the >> >>> recipient MX. If all ISPs block port 25 outbound, it doesn't matter >> >>> what protocol end users use to submit their mail to their local MTA. >> >>> Otherwise, zombies can still try to connect directly, and you'll >> >>> have to rely on DUL and other blacklists to figure out which IP >> >>> addresses belong to end users. >> >>> >> >> The zombies wouldn't be able to connect because the zombies wouldn't >> >> have the IMAP password. >> > >> > Marc, if the system has been zombified that means a password guessing >> > routine is already present. It can track down the email program's >> > settings and decrypt it, if needed. Or it can simply be intercepted. >> > >> > Requiring IMAP requires MUAs be rewritten to handle the special casing >> > that would be required to have IMAP as the sending tool. Using smtpauth >> > gives more flexibility in design for ISPs and users. >> > >> > {^_^} >> > >> >> So you think that viruses are going to know how to find and decrypt the >> passwords of all email programs? >> >> Nice trick. >> Hi, I believe that a big majority of users uses just one program so if malware is able to work with just that program, there will be still enough paths for spammers to send their stuff. It is similar to virus writers to rely on deficiencies in just one browser Wolfgang Hamann
Re: What changes would you make to stop spam? - United Nations Paper
Kenneth Porter <[EMAIL PROTECTED]> writes: > Interesting idea. It's my understanding that dynamic addresses are > used due to the IPv4 shortage, so if we can push for more IPv6 > deployment, we get the technical means to get rid of dynamic > addresses. I do not think so, at least in the case of ADSL. Dynamic IP addressing is an appropriate technology for dial-up modem connections - allocate a static address to each modem port and have PPP allocate that address to whichever customer is currently connected to that modem. ADSL is both always on and a 'fixed' (ie your phone line is physically connected to a DSLAM port) so the ISPs must have sufficient IP addresses for all their ADSL customers. So it makes better sense to allocate a fixed IP address to each ADSL customer.
Re: What changes would you make to stop spam? - United Nations Paper
On Wednesday 02 August 2006 20:55, Sanford Whiteman wrote:
> Because of that experience, I find myself
> agreeing with the overall reaction of, in essence: "Kill me now, if
> his proposal is going to be disseminated by any entity who doesn't
> have enough techies on staff to shoot it down."

Sandy: you have a special skill for telling people to go to hell and having them looking forward to the trip.

I enjoyed your approach.

--
_
John Andersen
Re: What changes would you make to stop spam? - United Nations Paper
On Wednesday 02 August 2006 11:24, Magnus Holmgren wrote:

> Otherwise, zombies can still try to connect directly, and you'll have to rely on DUL and other blacklists to figure out which IP addresses belong to end users.

The reason zombies are detected is that they cause performance problems. The more clever zombies do not impose much load and can run for a LONG time before triggering any suspicion. Many of the newer bots use the same routes as set up in Outlook. So routing all mail thru your ISP and placing those settings in Outlook just makes it easier for the zombie code to figure them out. Zombies with low activity level can send just enough mail for their spam masters to get your whole ISP blacklisted. (Happened to my ISP). Forcing all smtp thru ISPs is not going to slow down the bot nets much. These guys aren't stupid.

--
John Andersen
Re: What changes would you make to stop spam? - United Nations Paper
From: "Marc Perkel" <[EMAIL PROTECTED]> jdow wrote: From: "Marc Perkel" <[EMAIL PROTECTED]> Magnus Holmgren wrote: On Wednesday 02 August 2006 14:37, Marc Perkel took the opportunity to say: Why not just eliminate the SMTP protocol for end users and keep SMTP as a server to server protocol and have users send their email to the server by extending POP/IMAP to send email. It created an authenticated connection back to the server where the POP/IMAP server hands it off to the SMTP server. That way email clients aren't using the same protocol as email servers. Why? It's not, like, that MUAs try to deliver directly to the recipient MX. If all ISPs block port 25 outbound, it doesn't matter what protocol end users use to submit their mail to their local MTA. Otherwise, zombies can still try to connect directly, and you'll have to rely on DUL and other blacklists to figure out which IP addresses belong to end users. The zombies wouldn't be able to connect because the zombies wouldn't have the IMAP password. Marc, if the system has been zombified that means a password guessing routine is already present. It can track down the email program's settings and decrypt it, if needed. Or it can simply be intercepted. Requiring IMAP requires MUAs be rewritten to handle the special casing that would be required to have IMAP as the sending tool. Using smtpauth gives more flexibility in design for ISPs and users. {^_^} So you think that viruses are going to know how to find and decrypt the passwords of all email programs? Nice trick. Ever hear of "tcpdump"? A version exists for Windows. Read the passwords in plain text with it all you want. {^_^}
Re: What changes would you make to stop spam? - United Nations Paper
jdow wrote: From: "John Rudd" <[EMAIL PROTECTED]> On Aug 2, 2006, at 1:26 PM, Marc Perkel wrote: If SMTP becomes a server to server protocol then it will wipe out consumer virus infected spam zombies. It's not going to get rid of all spam - just most of it. It will wipe out the _existing_ spam zombies. Then the zombies will adapt to using IMAP or POP instead. While it's true that this then presents the "they have to know the password" hurdle for the zombies, you get that same advantage by requiring SMTP-AUTH. So, by switching to requiring SMTP-AUTH you get the same exact advantage you would have gotten by switching to IMAP or POP for sending. Your method has _no_ gain over existing technology. Your proposal is really just deferring the issue, not fixing it. You're moving the problem from one place to another, not removing the problem. In the mean time it moves MOST people email storage into a position for REALLY EASY government examination for "bad thoughts". It's ideal for thought police. IMAP stores email on the server rather than my private machine where there are some legal protections remaining. {^_^} Actually IMAP can do both - server storage or local storage.
Re: What changes would you make to stop spam? - United Nations Paper
jdow wrote: From: "Marc Perkel" <[EMAIL PROTECTED]> Magnus Holmgren wrote: On Wednesday 02 August 2006 14:37, Marc Perkel took the opportunity to say: Why not just eliminate the SMTP protocol for end users and keep SMTP as a server to server protocol and have users send their email to the server by extending POP/IMAP to send email. It created an authenticated connection back to the server where the POP/IMAP server hands it off to the SMTP server. That way email clients aren't using the same protocol as email servers. Why? It's not, like, that MUAs try to deliver directly to the recipient MX. If all ISPs block port 25 outbound, it doesn't matter what protocol end users use to submit their mail to their local MTA. Otherwise, zombies can still try to connect directly, and you'll have to rely on DUL and other blacklists to figure out which IP addresses belong to end users. The zombies wouldn't be able to connect because the zombies wouldn't have the IMAP password. Marc, if the system has been zombified that means a password guessing routine is already present. It can track down the email program's settings and decrypt it, if needed. Or it can simply be intercepted. Requiring IMAP requires MUAs be rewritten to handle the special casing that would be required to have IMAP as the sending tool. Using smtpauth gives more flexibility in design for ISPs and users. {^_^} So you think that viruses are going to know how to find and decrypt the passwords of all email programs? Nice trick.
Re: What changes would you make to stop spam? - United Nations Paper
On Wed, 2 Aug 2006, Ken A wrote:

> I don't think it's anything that dark.. See previous threads started by Marc Perkel on this list. He appears to be gaining an education - perhaps accidentally with his overzealous approach. See subjects: "The Future of Email is SQL", "The best way to use Spamassassin is to not use Spamassassin". The one thing in common is that the threads go on way too long, since they elicit some strong responses.
>
> Paper is due tomorrow, HA!

My goodness, you're right! Junior? Or sophomore? This can't be a senior-level assignment.

--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
[EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
The problem is when people look at Yahoo, slashdot, or groklaw and jump from obvious and correct observations like "Oh my God, this place is teeming with utter morons" to incorrect conclusions like "there's nothing of value here". -- Al Petrofsky, in Y! SCOX
---
Re: What changes would you make to stop spam? - United Nations Paper
On Wed, 2 Aug 2006, jdow wrote:

> Of course, then if you have the spammer friendly ISPs and registrars in the picture it's all null and void.

Don't give up yet! ISPs are assigned specific netblocks. Spammer-friendly ISPs' netblocks can be listed in a DNSBL. It's fairly easy to determine which registrar a domain uses. If a new domain is registered with a spammer-friendly registrar, that domain can be put in a SURBL. If there's notification when a domain changes registrars, the same check can be made to either add or remove the domain.

How difficult is it to identify "spammer-friendly" ISPs and registrars? Given a list of such, and notifications of netblock assignment and domain registration and transfer, maintenance of the Spammer-Friendly DNSBL and SURBL could be completely automated.

--
John Hardin
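The automated maintenance John Hardin describes in the message above, sketched as an added example (not code from the thread or from any DNSBL or SURBL operator). The ISP and registrar names, the event-feed format, the zone name `sfbl.example` and every class and function name are assumptions made for illustration; the netblocks are documentation ranges and the domains are `.example` names.

```python
import ipaddress

# Constructed inputs: hypothetical ISP/registrar names, documentation
# netblocks (RFC 5737) and .example domains. No real feed has this format.
FLAGGED_ISPS = {"bulkhost-isp"}
FLAGGED_REGISTRARS = {"anything-goes-registrar"}
EVENTS = [
    ("netblock", "192.0.2.0/24", "bulkhost-isp"),
    ("netblock", "198.51.100.0/24", "ordinary-isp"),
    ("netblock", "203.0.113.0/24", "bulkhost-isp"),
    ("register", "cheap-pills.example", "anything-goes-registrar"),
    ("register", "bakery.example", "ordinary-registrar"),
    ("netblock", "203.0.113.0/24", "ordinary-isp"),             # reassigned
    ("transfer", "bakery.example", "anything-goes-registrar"),  # moved in
    ("transfer", "cheap-pills.example", "ordinary-registrar"),  # moved out
]


def dnsbl_query_name(ip, zone):
    """Name a mail server looks up to ask the DNSBL `zone` about `ip`."""
    # reverse_pointer gives e.g. '25.2.0.192.in-addr.arpa' (nibbles plus
    # 'ip6.arpa' for IPv6); a DNSBL uses the same reversed form with its
    # own zone in place of the two arpa labels.
    reversed_part = ipaddress.ip_address(ip).reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_part}.{zone}"


class FriendlyListMaintainer:
    """Keeps a netblock list (DNSBL) and a domain list (SURBL) current."""

    def __init__(self, flagged_isps, flagged_registrars):
        self.flagged_isps = set(flagged_isps)
        self.flagged_registrars = {r.lower() for r in flagged_registrars}
        self.netblocks = {}  # ip_network -> ISP it is assigned to
        self.domains = {}    # registered domain -> registrar

    def netblock_assigned(self, cidr, isp):
        # The same check adds or removes: a block reassigned to an ISP
        # that is not flagged drops off the list. Only an identical
        # prefix is replaced; splits and merges are out of scope here.
        net = ipaddress.ip_network(cidr, strict=True)
        if isp in self.flagged_isps:
            self.netblocks[net] = isp
        else:
            self.netblocks.pop(net, None)

    def domain_event(self, domain, registrar):
        # Used for both registration and transfer notifications.
        domain = domain.lower().rstrip(".")
        registrar = registrar.lower()
        if registrar in self.flagged_registrars:
            self.domains[domain] = registrar
        else:
            self.domains.pop(domain, None)

    def ip_listed(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.netblocks)

    def domain_listed(self, host):
        # Match the host itself or any parent domain, never a bare TLD.
        labels = host.lower().rstrip(".").split(".")
        return any(".".join(labels[i:]) in self.domains
                   for i in range(len(labels) - 1))


def build_lists(events, isps=FLAGGED_ISPS, registrars=FLAGGED_REGISTRARS):
    """Replay a notification feed and return the resulting lists."""
    maintainer = FriendlyListMaintainer(isps, registrars)
    for kind, subject, owner in events:
        if kind == "netblock":
            maintainer.netblock_assigned(subject, owner)
        elif kind in ("register", "transfer"):
            maintainer.domain_event(subject, owner)
        else:
            raise ValueError(f"unknown event type: {kind!r}")
    return maintainer


if __name__ == "__main__":
    lists = build_lists(EVENTS)
    for ip in ("192.0.2.25", "198.51.100.7", "203.0.113.9"):
        print(ip, dnsbl_query_name(ip, "sfbl.example"), lists.ip_listed(ip))
    for host in ("www.bakery.example", "cheap-pills.example"):
        print(host, lists.domain_listed(host))
```

The replay shows the part the message leaves implicit: the lists are only as good as the two flagged sets and the completeness of the notification feed, since a block or domain whose reassignment is never reported stays listed or unlisted indefinitely.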
Re: What changes would you make to stop spam? - United Nations Paper
On Wed, 2 Aug 2006, jdow wrote:

> >> Being that I am a domain registrar (small but still) how will I know if they have a working postmaster or abuse alias?
> >
> > Easy. Send them an email and see if they respond. Make it clear in the service agreement that they (hopefully) read before registering a domain that this is a requirement.
>
> A three line procmail recipe handles that very nicely. You get through but everybody else is discarded. Your next move is...?

Send the query from a different domain, one not the registrar's. The service agreement would have to specify that responding to only the registrar's queries and discarding others would be grounds for suspending the domain.

--
John Hardin
Re: What changes would you make to stop spam? - United Nations Paper
On Aug 2, 2006, at 3:40 PM, jdow wrote: From: "John Rudd" <[EMAIL PROTECTED]> On Aug 2, 2006, at 1:26 PM, Marc Perkel wrote: If SMTP becomes a server to server protocol then it will wipe out consumer virus infected spam zombies. It's not going to get rid of all spam - just most of it. It will wipe out the _existing_ spam zombies. Then the zombies will adapt to using IMAP or POP instead. While it's true that this then presents the "they have to know the password" hurdle for the zombies, you get that same advantage by requiring SMTP-AUTH. So, by switching to requiring SMTP-AUTH you get the same exact advantage you would have gotten by switching to IMAP or POP for sending. Your method has _no_ gain over existing technology. Your proposal is really just deferring the issue, not fixing it. You're moving the problem from one place to another, not removing the problem. In the mean time it moves MOST people email storage into a position for REALLY EASY government examination for "bad thoughts". It's ideal for thought police. IMAP stores email on the server rather than my private machine where there are some legal protections remaining. Most IMAP clients, that I've used, have a notion of both "server side" and "client side" folders, though. So, basically, you'd have your INBOX and OUTBOX on the server, and you could keep _everything_ else on your client(s).
Re: What changes would you make to stop spam? - United Nations Paper
On Wed, 2 Aug 2006, Marc Perkel wrote:

> The zombies wouldn't be able to connect because the zombies wouldn't have the IMAP password.

I think you're too optimistic about that. "remember my password" is a feature of most every email client, and the encryption key (assuming the password is even encrypted) has to be stored somewhere on the system otherwise the app would be asking the user for it. I think it's safe to assume the only way the zombie wouldn't have access to the user's password is if the user didn't choose or the email client application didn't provide the "remember my password" option. In what percentage of clients is that likely to be the case?

> >> I think part of the problem is that the receiving SMTP server can't tell if email is coming from another SMTP server or a virus infected spam zombie.
>
> If you use IMAP for your outgoing email from the client you no longer need port 25 except for server to server transfers.

How is this functionally different from the ISP blocking SMTP to the rest of the Internet and requiring SMTP AUTH to their own servers (apart from requiring changes to the IMAP protocol, the servers and the clients)? How is it enough of an improvement over SMTP AUTH to justify and make attractive the work needed to implement and distribute the changes?

> The only outgoing path is the IMAP connection which requires authentication. Zombies wouldn't have the password and wouldn't have access to any way to send email.

See above.

--
John Hardin
Re: What changes would you make to stop spam? - United Nations Paper
On Wed, 2 Aug 2006, jdow wrote: If this is real and not make believe for a class somewhere in school then Marc is a VERY dangerous person with an agenda. I don't agree about the agenda, but I do agree about the danger. If it is the case, it's simply depressing that the UN would take input about fighting the spam problem from someone who seems to lack a basic understanding of some of the important details of how e-mail works, namely that writing down on a piece of paper (even if it's signed by Kofi Annan and all the leaders of every country in the world) that "henceforth, all SMTP connections will only come from legit servers" has no effect on what actually happens. The answer is easy, remember where IMAP stores your email. This makes it VERY easy for the government to dig into your private life without invading your home where you generally have some legal protections. He has been ordered to justify using IMAP instead of SMTP using SPAM as an excuse. How else do you explain his irrationality? I like to apply Hanlon's Razor to such questions. Hanlon's Razor states, "Never attribute to malice that which can be adequately explained by stupidity." While I don't doubt that most governments have a tendency to invade the privacy of individuals and (more generally) expand their powers over time, I've seen them make bad rules and laws based on pure ignorance so many times that I think that's the most likely cause for a lot of it. Also, for what it's worth, I'm not sure I buy the explanation of why the UN would want to push people towards IMAP. While I think IMAP has much better support than POP3 for leaving messages on the server if you want to do that, it is easy to use the IMAP protocol just like POP3: IMAP supports the ability to see a list of messages, fetch a message, and delete a message just like POP3 does, so you can easily use an IMAP mailbox as a temporary maildrop just like you do with POP3. - Logan
Re: What changes would you make to stop spam? - United Nations Paper
How about treating this as a network issue instead of a mail issue? There's quite a body of work already available, including the idea (packet authentication) being investigated by the team at the link below. http://www.ece.cmu.edu/~adrian/projects/tesla-cryptobytes/paper/node1.html Just trying to help ... Sincerest regards, James Butler Chairman, Board of Directors Internet Society - Los Angeles Chapter California, USA *** REPLY SEPARATOR *** On 8/2/06 at 4:15 PM Ken A wrote: >jdow wrote: >> From: "Ken A" <[EMAIL PROTECTED]> >> That's crazier than I thought you were. If you expect the average user to go along with that you're not connected with reality very well. Your idealism is getting in the way. >>> >>> He's engaged in marc-eting ? sorry... but yeah. end this o.t. please... >>> Ken >> >> This is his original email: >> ===8<--- >> I'm writing a paper that I'm submitting to an Internet Governance Forum >> of the United Nations. Keeping in mind that free speech and freedom is >> important, what would you change in the world to stop spam? I'm looking >> for things that are actually possible and practical. Suggestions can be >> anything. My thoughts include things like requiring ISPs to provide >> better firewalls for end users, requiring Microsoft to provide more hack >> protection even for pirated versions of windows, ways to keep people >> from impersonating other users, evolving the SMTP protocol >> >> Looking for more ideas. Paper is due tomorrow. >> ===8<--- >> >> If this is real and not make believe for a class somewhere in school >> then Marc is a VERY dangerous person with an agenda. That agenda seems >> to be to require IMAP. The question becomes "why?" >> >> The answer is easy, remember where IMAP stores your email. This makes >> it VERY easy for the government to dig into your private life without >> invading your home where you generally have some legal protections.
>> >> He has been ordered to justify using IMAP instead of SMTP using SPAM >> as an excuse. How else do you explain his irrationality? > >I don't think it's anything that dark.. See previous threads started by >Marc Perkel on this list. He appears to be gaining an education - >perhaps accidentally with his overzealous approach. See subjects: "The >Future of Email is SQL", "The best way to use Spamassassin is to not use >Spamassassin". The one thing in common is that the threads go on way too >long, since they elicit some strong responses. > >Paper is due tomorrow, HA! > >Ken A >Pacific.Net > > >> This makes him an incredibly dangerous person. It is also a very >> telling argument against transferring management of the Internet to >> the UN. It's scary enough having the US government involved. At least >> the US government is mandating remarkably little with its mostly hands >> off approach towards those managing the Internet. If people like Marc >> end up in control the Internet quickly becomes useless and actively >> dangerous to use. Sadly the UN is further down that dangerous road >> than the US, today. That is, of course, subject to change. >> >> What the Internet needs is as little hands on management as possible >> with as many alternatives as possible. Let the people on the Internet >> evolve the protections, such as SpamAssassin. If other people are >> annoyed by spam then they should pressure for the adoption of these >> filtering practices or adopt them for themselves. Dictating what >> protocols can be used and selecting one that exposes as much private >> data as possible to rather direct government scrutiny is NOT the way >> the Internet should evolve. >> >> {^_^} >>
Re: What changes would you make to stop spam? - United Nations Paper
jdow wrote: From: "Ken A" <[EMAIL PROTECTED]> That's crazier than I thought you were. If you expect the average user to go along with that you're not connected with reality very well. Your idealism is getting in the way. He's engaged in marc-eting ? sorry... but yeah. end this o.t. please... Ken This is his original email: ===8<--- I'm writing a paper that I'm submitting to an Internet Governance Forum of the United Nations. Keeping in mind that free speech and freedom is important, what would you change in the world to stop spam? I'm looking for things that are actually possible and practical. Suggestions can be anything. My thoughts include things like requiring ISPs to provide better firewalls for end users, requiring Microsoft to provide more hack protection even for pirated versions of windows, ways to keep people from impersonating other users, evolving the SMTP protocol Looking for more ideas. Paper is due tomorrow. ===8<--- If this is real and not make believe for a class somewhere in school then Marc is a VERY dangerous person with an agenda. That agenda seems to be to require IMAP. The question becomes "why?" The answer is easy, remember where IMAP stores your email. This makes it VERY easy for the government to dig into your private life without invading your home where you generally have some legal protections. He has been ordered to justify using IMAP instead of SMTP using SPAM as an excuse. How else do you explain his irrationality? I don't think it's anything that dark.. See previous threads started by Marc Perkel on this list. He appears to be gaining an education - perhaps accidentally with his overzealous approach. See subjects: "The Future of Email is SQL", "The best way to use Spamassassin is to not use Spamassassin". The one thing in common is that the threads go on way too long, since they elicit some strong responses. Paper is due tomorrow, HA! Ken A Pacific.Net This makes him an incredibly dangerous person.
It is also a very telling argument against transferring management of the Internet to the UN. It's scary enough having the US government involved. At least the US government is mandating remarkably little with its mostly hands off approach towards those managing the Internet. If people like Marc end up in control the Internet quickly becomes useless and actively dangerous to use. Sadly the UN is further down that dangerous road than the US, today. That is, of course, subject to change. What the Internet needs is as little hands on management as possible with as many alternatives as possible. Let the people on the Internet evolve the protections, such as SpamAssassin. If other people are annoyed by spam then they should pressure for the adoption of these filtering practices or adopt them for themselves. Dictating what protocols can be used and selecting one that exposes as much private data as possible to rather direct government scrutiny is NOT the way the Internet should evolve. {^_^}
Re: What changes would you make to stop spam? - United Nations Paper
He's not advocating switching to an IMAP-only system ... He's asking the U.N. to start "...funding projects that fight spam and provide internet security and educational resources to the public." The rest of the paper is background and suggestions taken from this thread (and a couple he came into the project with, re: Microsoft). We can presume that his "masters" include the almighty dollar and low-hanging fruit. Oops ... I may be a fsking idiot ... sorry. Sincerest regards, James Butler Chairman, Board of Directors Internet Society - Los Angeles Chapter California, USA *** REPLY SEPARATOR *** On 8/2/06 at 3:51 PM jdow wrote: >If this is real and not make believe for a class somewhere in school >then Marc is a VERY dangerous person with an agenda. That agenda seems >to be to require IMAP. The question becomes "why?" > >The answer is easy, remember where IMAP stores your email. This makes >it VERY easy for the government to dig into your private life without >invading your home where you generally have some legal protections. > >He has been ordered to justify using IMAP instead of SMTP using SPAM >as an excuse. How else do you explain his irrationality? > >This makes him an incredibly dangerous person. It is also a very >telling argument against transferring management of the Internet to >the UN. It's scary enough having the US government involved. At least >the US government is mandating remarkably little with its mostly hands >off approach towards those managing the Internet. If people like Marc >end up in control the Internet quickly becomes useless and actively >dangerous to use. Sadly the UN is further down that dangerous road >than the US, today. That is, of course, subject to change. > >What the Internet needs is as little hands on management as possible >with as many alternatives as possible. Let the people on the Internet >evolve the protections, such as SpamAssassin. 
If other people are >annoyed by spam then they should pressure for the adoption of these >filtering practices or adopt them for themselves. Dictating what >protocols can be used and selecting one that exposes as much private >data as possible to rather direct government scrutiny is NOT the way >the Internet should evolve. > >{^_^}
Re: What changes would you make to stop spam? - United Nations Paper
On Thursday 03 August 2006 00:40, jdow took the opportunity to say:

> In the mean time it moves MOST people email storage into a position for REALLY EASY government examination for "bad thoughts". It's ideal for thought police. IMAP stores email on the server rather than my private machine where there are some legal protections remaining.

That's what they want you to believe...

--
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)
Re: What changes would you make to stop spam? - United Nations Paper
From: "Ken A" <[EMAIL PROTECTED]> That's crazier than I thought you were. If you expect the average user to go along with that you're not connected with reality very well. Your idealism is getting in the way. He's engaged in marc-eting ? sorry... but yeah. end this o.t. please... Ken This is his original email: ===8<--- I'm writing a paper that I'm submitting to an Internet Governance Forum of the United Nations. Keeping in mind that free speech and freedom is important, what would you change in the world to stop spam? I'm looking for things that are actually possible and practical. Suggestions can be anything. My thoughts include things like requiring ISPs to provide better firewalls for end users, requiring Microsoft to provide more hack protection even for pirated versions of windows, ways to keep people from impersonating other users, evolving the SMTP protocol Looking for more ideas. Paper is due tomorrow. ===8<--- If this is real and not make believe for a class somewhere in school then Marc is a VERY dangerous person with an agenda. That agenda seems to be to require IMAP. The question becomes "why?" The answer is easy, remember where IMAP stores your email. This makes it VERY easy for the government to dig into your private life without invading your home where you generally have some legal protections. He has been ordered to justify using IMAP instead of SMTP using SPAM as an excuse. How else do you explain his irrationality? This makes him an incredibly dangerous person. It is also a very telling argument against transferring management of the Internet to the UN. It's scary enough having the US government involved. At least the US government is mandating remarkably little with its mostly hands off approach towards those managing the Internet. If people like Marc end up in control the Internet quickly becomes useless and actively dangerous to use. Sadly the UN is further down that dangerous road than the US, today. That is, of course, subject to change.
What the Internet needs is as little hands on management as possible with as many alternatives as possible. Let the people on the Internet evolve the protections, such as SpamAssassin. If other people are annoyed by spam then they should pressure for the adoption of these filtering practices or adopt them for themselves. Dictating what protocols can be used and selecting one that exposes as much private data as possible to rather direct government scrutiny is NOT the way the Internet should evolve. {^_^}
Re: What changes would you make to stop spam? - United Nations Paper
From: "John Rudd" <[EMAIL PROTECTED]> On Aug 2, 2006, at 1:26 PM, Marc Perkel wrote: If SMTP becomes a server to server protocol then it will wipe out consumer virus infected spam zombies. It's not going to get rid of all spam - just most of it. It will wipe out the _existing_ spam zombies. Then the zombies will adapt to using IMAP or POP instead. While it's true that this then presents the "they have to know the password" hurdle for the zombies, you get that same advantage by requiring SMTP-AUTH. So, by switching to requiring SMTP-AUTH you get the same exact advantage you would have gotten by switching to IMAP or POP for sending. Your method has _no_ gain over existing technology. Your proposal is really just deferring the issue, not fixing it. You're moving the problem from one place to another, not removing the problem. In the mean time it moves MOST people email storage into a position for REALLY EASY government examination for "bad thoughts". It's ideal for thought police. IMAP stores email on the server rather than my private machine where there are some legal protections remaining. {^_^}
Re: What changes would you make to stop spam? - United Nations Paper
From: "Marc Perkel" <[EMAIL PROTECTED]> Logan Shaw wrote: On Wed, 2 Aug 2006, Marc Perkel wrote: SMTP passwords go away because SMTP goes away. The idea is that outgoing IMAP would replace SMTP and there would be no SMTP between clients and servers. SMTP would be a server to server protocol. That's all well and good saying SMTP is server to server only, but how are you going to get the spammers to cooperate? Do you think they will volunteer? And when you are running an SMTP server, how can you tell if SMTP connections that it receives are really coming from another server? - Logan If SMTP becomes a server to server protocol then it will wipe out consumer virus infected spam zombies. It's not going to get rid of all spam - just most of it. Marc, Earth to Marc, what makes you think for an atto-second that it is not possible for a spammer to mimic an smtp server sending legitimate email? It's done all the time. What makes you think that a (small for manageability) system of email servers can handle the traffic if EVERYTHING was submitted through them? What makes you think a new ad hoc smtp address would not sprout up and get used by people who think going through a small set of government (UN?) administered servers is a very bad thing just on principle. If the list of "legitimate" servers is fairly large then what is to stop the growth industry this creates for spammer friendly email registrars? You have a singular vendetta against SMTP that is irrational. Engage critical thinking and learn about what is really out there and what works. You seem to be remarkably ill tutored. You seem to be at the equivalent of a politician's aide's position of knowledge about the Internet and its protocols. Somebody told you SMTP is bad and IMAP is the only good in the world and ordered you to justify this. It is not going to fly with this group. If you REALLY ARE submitting your report to the UN in an official capacity you owe it to the world to get real.
If this is a class project, you lose. I'd grade you about a D- for the submission. Your attitude reads like something I would expect from a VERY totalitarian regime because it exposes EVERYBODY to DIRECT government intervention in the email process. That is an incredibly bad thing. {^_^} Joanne said that and means it.
Re: What changes would you make to stop spam? - United Nations Paper
jdow wrote: From: "Marc Perkel" <[EMAIL PROTECTED]> Magnus Holmgren wrote: On Wednesday 02 August 2006 21:29, Marc Perkel took the opportunity to say: The zombies wouldn't be able to connect because the zombies wouldn't have the IMAP password. In that case, neither the SMTP password, which we have to assume is required. But in most cases I think the spamware has access to the password if it wants to. Especially with admin privileges. SMTP passwords go away because SMTP goes away. If the user doesn't store the password then they would type it in when say Thunderbird first starts. At that point only thunderbird, not the virus program would have access to the IMAP port. If the virus wanted access it would have to establish its own connection which would require its own authentication. That's crazier than I thought you were. If you expect the average user to go along with that you're not connected with reality very well. Your idealism is getting in the way. He's engaged in marc-eting ? sorry... but yeah. end this o.t. please... Ken Fie on you. {+_+} You'd CERTAINLY break my email setup to shreds with your ill advised idealism. Get over your religious fervor about smtp and engage some critical thinking, please.
Re: What changes would you make to stop spam? - United Nations Paper
From: "Marc Perkel" <[EMAIL PROTECTED]> Magnus Holmgren wrote: On Wednesday 02 August 2006 21:29, Marc Perkel took the opportunity to say: The zombies wouldn't be able to connect because the zombies wouldn't have the IMAP password. In that case, neither the SMTP password, which we have to assume is required. But in most cases I think the spamware has access to the password if it wants to. Especially with admin privileges. SMTP passwords go away because SMTP goes away. If the user doesn't store the password then they would type it in when say Thunderbird first starts. At that point only thunderbird, not the virus program would have access to the IMAP port. If the virus wanted access it would have to establish its own connection which would require its own authentication. That's crazier than I thought you were. If you expect the average user to go along with that you're not connected with reality very well. Your idealism is getting in the way. Fie on you. {+_+} You'd CERTAINLY break my email setup to shreds with your ill advised idealism. Get over your religious fervor about smtp and engage some critical thinking, please.
Re: What changes would you make to stop spam? - United Nations Paper
From: "JamesDR" <[EMAIL PROTECTED]>
Mail storage for ISP? Say 100MB. (ISPs don't allocate this by the number of users, they know that they won't be storing that much mail for that long.)
Help desk calls because of over limit? Very few.
IMAP/IMAP SEND
Mail storage for ISP? Say 100MB. (ISP WILL HAVE TO allocate this much for every user, say you have 40K users... you can see how expensive this will become.)
Help desk calls because of over limit? Quite a few because the email client will just keep the messages on the server.
I keep several gigabytes of email data around. With POP3 it is easy to store locally. With IMAP it's a pain in the . {^_^}
Re: What changes would you make to stop spam? - United Nations Paper
From: "Marc Perkel" <[EMAIL PROTECTED]>
Magnus Holmgren wrote:
On Wednesday 02 August 2006 14:37, Marc Perkel took the opportunity to say:
Why not just eliminate the SMTP protocol for end users and keep SMTP as a server to server protocol and have users send their email to the server by extending POP/IMAP to send email. It created an authenticated connection back to the server where the POP/IMAP server hands it off to the SMTP server. That way email clients aren't using the same protocol as email servers.
Why? It's not, like, that MUAs try to deliver directly to the recipient MX. If all ISPs block port 25 outbound, it doesn't matter what protocol end users use to submit their mail to their local MTA. Otherwise, zombies can still try to connect directly, and you'll have to rely on DUL and other blacklists to figure out which IP addresses belong to end users.
The zombies wouldn't be able to connect because the zombies wouldn't have the IMAP password.
Marc, if the system has been zombified that means a password guessing routine is already present. It can track down the email program's settings and decrypt it, if needed. Or it can simply be intercepted. Requiring IMAP requires MUAs be rewritten to handle the special casing that would be required to have IMAP as the sending tool. Using smtpauth gives more flexibility in design for ISPs and users. {^_^}
Re: What changes would you make to stop spam? - United Nations Paper
From: "Marc Perkel" <[EMAIL PROTECTED]>
Kenneth Porter wrote:
--On Wednesday, August 02, 2006 5:37 AM -0700 Marc Perkel <[EMAIL PROTECTED]> wrote:
Why not just eliminate the SMTP protocol for end users and keep SMTP as a server to server protocol and have users send their email to the server by extending POP/IMAP to send email.
What's your objection to authenticated SMTP? It already exists, and clients support it. All my users use it.
If IMAP had the ability to send email to the server then SMTP could be a server to server protocol and IMAP would be the consumer connection protocol. That would make it so that servers don't have to talk to end users pretending to be SMTP servers. You could wall off port 25 and isolate the spam zombies.
Earth to Marc, this has already been done in many situations. Earthlink only allows smtpauth on the smtp-submission port. Experiment seems to indicate that Verizon (hiss spit - for other reasons) has port 25 blocked, at least in this area.
About the only hitch is that I have to configure the server twice in Mozilla. (It would be nice to have a checkbox to say that the SMTP info is the same as the IMAP info, except for port number.)
If IMAP could send you wouldn't have to configure it twice.
If wishes were horses beggars would ride, too. IMAP submission uses the wrong tool for the job when perfectly adequate tools exist. This senseless vendetta against using smtp in any form is strongly suggesting a pre-bias to your work which should be objective if it is to be honestly useful. {^_^}
Re: What changes would you make to stop spam? - United Nations Paper
From: "MennovB" <[EMAIL PROTECTED]>
John D. Hardin wrote:
On Tue, 1 Aug 2006, John Rudd wrote:
Reducing volume of spam *sent* probably requires fundamental redesign of the protocols, or some other major change in the cost/benefit analysis.
Don't think that's needed, if ISPs only allow outgoing SMTP to the ISP's SMTP servers and not directly then most (current) bots and most spam will be dealt with. I wouldn't be surprised to see the amount of spam then drop more than 80%. (I know, just repeating myself ;-)) Come to think of it, chances are the zombies/bots will then be used for DDOS'ing everything that has an IP-address just as revenge :(
Menno, if the Earthlink "progressive delays" strategy is adopted then even spam relayed through ISPs becomes time expensive. Add to that smtp-auth pointing directly to the perpetrator and Earthlink has a clear excuse to block email except to their help desk or even to block all Internet access except to a page of their own suggesting that the perpetrator or malware on the perpetrator's machine is spewing spam and the situation should be remedied. "Help can be found here"
Of course, then if you have the spammer friendly ISPs and registrars in the picture it's all null and void.
Something I do not know and suspect is REALLY hard to ascertain until recently when Earthlink went smtpauth only, is how much REAL spam actually does originate from Earthlink servers. If there is much they are certainly canny enough not to spam Earthlink customers for some reason. {^_^}
Re: What changes would you make to stop spam? - United Nations Paper
From: "Kenneth Porter" <[EMAIL PROTECTED]>
--On Wednesday, August 02, 2006 3:03 PM +0100 Graham Murray <[EMAIL PROTECTED]> wrote:
Personally I would solve the problem by going the other way. Get rid of dynamic IP addresses
Interesting idea. It's my understanding that dynamic addresses are used due to the IPv4 shortage, so if we can push for more IPv6 deployment, we get the technical means to get rid of dynamic addresses. (Aside from addresses, are there other configuration settings that need to be handed down by DHCP? Does IPv6 auto-config take care of DNS and routing?)
Dynamic addresses are rather overused in that case. This collection of machines is behind a firewall connection that is ALWAYS on unless the physical lines leading to this building are severed. (This has happened with Santana winds. A 120 MPH wind is "amazing" to say the least.) The UPS on that machine, and several others I use, will hold us up on line for at least 9 hours based on actual testing. So "why not give us a simple static address and be done with it?" I think the answer is that Earthlink and Verizon (wire and actual internet provisioner) think that they can get away with charging more for a static address. Other than that there's no reason for dynamic addresses on high speed connections. {O.O} Joanne said that
Re: What changes would you make to stop spam? - United Nations Paper
From: "Kenneth Porter" <[EMAIL PROTECTED]> --On Wednesday, August 02, 2006 11:09 AM -0400 Rob McEwen <[EMAIL PROTECTED]> wrote: Honestly, I haven't been following this thread much... but I do want to add that the UN is full of thugs who are power hungry and would like very much to control the Internet and implement a world tax and probably a tax on the Internet as well. Good point. While stopping spam, we shouldn't destroy anonymity. I'm sure repressive regimes like North Korea and Iran would love an anti-spam measure that let them keep better tabs on what their citizens are saying. I'd love to see your reaction if somebody anonymously stalks you (I've been a victim of that before) or manages to libel or slander you. If you cannot find the person you cannot protect yourself or litigate the ill done to you. I fail to see the need for absolute anonymity. I do see a need for "routine anonymity" that can be pierced if absolutely required. (That slightly more than a year I spent as perhaps one of the VERY first online stalking victims ever (1985-1987) was a hell I'd rather not repeat. - - - MUCH later I heard the perp committed suicide, finally, when he could not get his life back together. His reputation did him in once it was prosecuted - for credit fraud related to the means he used for his stalking. Fine was $1000. Lawyer fees ate all his resources. His wife left him. He returned to Germany. Had problems there. Eventually he gave up. I CANNOT say I am sorry about that. It was a living Hell. And being reminded of it leaves me more than a little "testy", which is why I chewed on some people yesterday more than I should have. I had to explain about this to a friend who is also a list manager early yesterday. Not a nice way to start the day. The bright side of it is that the incident prompted me to look up someone who was there and had reported on it, Brock Meeks. He's done quite well for himself, it seems. Congratulations to him.) 
"The only absolute rule is that there are no absolute rules." {o.o}
Re: What changes would you make to stop spam? - United Nations Paper
From: "Logan Shaw" <[EMAIL PROTECTED]>
On Wed, 2 Aug 2006, Marc Perkel wrote:
I think what you are doing is a step in the right direction. But imagine if the user's IMAP connection could be used to send mail back up the link then you wouldn't need to do SMTP to the users at all. All you would have to do is configure a way for the IMAP server to hand outgoing email off to the SMTP server.
Yeah, but imagine if an SMTP AUTH connection could be used to send mail back up to the server. Then you wouldn't need to use IMAP to send mail at all. All you would have to do is nothing, since SMTP AUTH already works and provides the same benefits.
Besides, with my setup I fetch the mail from a different place than I send it back through. So forcing IMAP becomes "tedious". (I fetchmail and filter incoming and fetch from my own machine. I send directly through Earthlink's smtpauth ports.) {^_^}
Re: What changes would you make to stop spam? - United Nations Paper
On Wednesday 02 August 2006 22:26, Marc Perkel took the opportunity to say:
> Logan Shaw wrote:
> > On Wed, 2 Aug 2006, Marc Perkel wrote:
> >> SMTP passwords go away because SMTP goes away.
> >>
> >> The idea is that outgoing IMAP would replace SMTP and there would be
> >> no SMTP between clients and servers. SMTP would be a server to server
> >> protocol.
> >
> > That's all well and good saying SMTP is server to server
> > only, but how are you going to get the spammers to cooperate?
> > Do you think they will volunteer? And when you are running
> > an SMTP server, how can you tell if SMTP connections that it
> > receives are really coming from another server?
>
> If SMTP becomes a server to server protocol then it will wipe out
> consumer virus infected spam zombies.

For the last time: No, it won't! It is theoretically and practically impossible for it to matter! What you want to do is to tell servers and non-servers apart somehow. To do that you can either put all non-servers behind firewalls, compile a long list of authorised servers, or use keys that only authorised ISPs and email service vendors are allowed to have, and which are protected by treacherous computing. Whichever solution you choose, the protocol used between user and MTA is utterly irrelevant, because you don't see it! This is worth pointing out since you seem to think that you *can* reliably know what protocol was used by looking at the headers or something.

Oh, and if you're actually assuming that this problem will be solved, and are instead talking about how to prevent the spamware from getting their spam out through the same channel as the users - that doesn't matter either.

--
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)
Re: What changes would you make to stop spam? - United Nations Paper
From: "John D. Hardin" <[EMAIL PROTECTED]>
On Wed, 2 Aug 2006, Tom Ray wrote:
> have registered that does not have working (i.e. read-by-a-human)
> postmaster@ and abuse@ aliases?
Being that I am a domain registrar (small but still) how will I know if they have a working postmaster or abuse alias?
Easy. Send them an email and see if they respond. Make it clear in the service agreement that they (hopefully) read before registering a domain that this is a requirement.
A three line procmail recipe handles that very nicely. You get through but everybody else is discarded. Your next move is...? {^_^}
Re: What changes would you make to stop spam? - United Nations Paper
Rob, PLEASE uninject politics from this list. It's counter productive. That is what I meant about the original attempt to inject politics. {o.o} - Original Message - From: "Rob McEwen" <[EMAIL PROTECTED]> Honestly, I haven't been following this thread much... but I do want to add that the UN is full of thugs who are power hungry and would like very much to control the Internet and implement a world tax and probably a tax on the Internet as well. They will do this all in the name of "helping" us... just like Hugo Chavez is "helping" the Venezuelans... but like Chavez, who is turning Venezuela into a new Cuba and himself into his beloved Castro, those guys at the UN are more concerned about their own power and about extracting (or extorting) wealth and power away from the U.S. and other "rich" western countries. SEE: http://www.opinionjournal.com/extra/?id=110007381 http://www.washtimes.com/world/20031208-125717-6682r.htm As far as I'm concerned, there is really no difference (intention-wise) between Kofi Annan and Supreme Chancellor Palpatine... except that Kofi is much dumber and not nearly as powerful as Palpatine... (at least not yet). So be careful about anything the U.N. might come up with to "rescue" us! Rob McEwen PowerView Systems
Re: What changes would you make to stop spam? - United Nations Paper
From: "Marc Perkel" <[EMAIL PROTECTED]>
Nigel Frankcom wrote:
On Wed, 02 Aug 2006 05:37:32 -0700, Marc Perkel <[EMAIL PROTECTED]> wrote:
Why not just eliminate the SMTP protocol for end users and keep SMTP as a server to server protocol and have users send their email to the server by extending POP/IMAP to send email. It created an authenticated connection back to the server where the POP/IMAP server hands it off to the SMTP server. That way email clients aren't using the same protocol as email servers. I think part of the problem is that the receiving SMTP server can't tell if email is coming from another SMTP server or a virus infected spam zombie.
Our MTA has the facility to assign an alternate SMTP port, this is used for customers to send mail in. The main port 25 still operates as normal for server to server, and more often than not spammer to server traffic. Though the facility was originally introduced to get around certain ISPs blocking port 25 off network and those that use a proxy. In many, many cases the proxies don't forward the auth info and legitimate sender mail consequently bounces. The added bonus for us is that legitimate local users are never competing with spammers for sockets. Nigel
I think what you are doing is a step in the right direction. But imagine if the user's IMAP connection could be used to send mail back up the link then you wouldn't need to do SMTP to the users at all. All you would have to do is configure a way for the IMAP server to hand outgoing email off to the SMTP server.
Use the submission port, 587, with authentication. Forcing users to IMAP is "a bad thing". (It fouls up my rather elaborate sorting processes due to limitations in the IMAP concepts.) It's bad enough explaining to Great-Granny about how to handle POP3 and SMTP AUTH. Explaining IMAP on top of it all is pushing things a little, doncha think? {O.O}
Re: What changes would you make to stop spam? - United Nations Paper
Marc Perkel wrote:
The zombies wouldn't be able to connect because the zombies wouldn't have the IMAP password.
Give 'em time. With sufficient motivation, the people who write the zombie programs will go to the effort to check the default mailer's config and extract the password. Or link it to a keystroke logger and capture the password that way.
--
Kelson Vibber
SpeedGate Communications
Re: What changes would you make to stop spam? - United Nations Paper
On Wednesday 02 August 2006 21:51, Marc Perkel took the opportunity to say:
> JamesDR wrote:
> > And this differs from SMTP AUTH in what way?
>
> With SMTP AUTH the authentication for the outbound email isn't
> necessarily the same as the incoming email.

But that would be both stupid and unnecessary.

> If you use IMAP to send
> email then the user has to know the IMAP password to send email. It also
> doesn't require a separate connection on a separate port. Why use 2
> protocols when you can use one?

Mainly because both protocols exist and work. You should have pointed this out *before* SMTP AUTH was defined.

> > IMAP/IMAP SEND
> > Mail storage for ISP? Say 100MB. (ISP WILL HAVE TO allocate this much
> > for every user, say you have 40K users... you can see how expensive
> > this will become.) Help desk calls because of over limit? Quite a few
> > because the email client will just keep the messages on the server.
>
> There would have to be a POP SEND as well.

But that's, like, 2 protocols as well. Except they go in the same connection.

--
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)
Re: What changes would you make to stop spam? - United Nations Paper
On 8/2/06, Marc Perkel <[EMAIL PROTECTED]> wrote:
doesn't require a separate connection on a separate port. Why use 2 protocols when you can use one?
Indeed, why don't we just close all ports except 80 and layer everything atop HTTP?
For heaven's sake, Marc. This debate about using IMAP/POP for outbound mail already happened more than a decade ago. If you can't be bothered to look through the archives of the IETF lists that discussed creation of these protocols, at least take the word of those of us who were present at the time: It was a poor idea then, it's still a poor idea, and you'd be much better off spending your time pushing something else.
And NONE of this is relevant to SpamAssassin any more. Take it somewhere else.
Re: What changes would you make to stop spam? - United Nations Paper
Marc Perkel wrote:
With SMTP AUTH the authentication for the outbound email isn't necessarily the same as the incoming email. If you use IMAP to send email then the user has to know the IMAP password to send email. It also doesn't require a separate connection on a separate port. Why use 2 protocols when you can use one?
Maybe because it requires replacing everyone's mail software, top to bottom? No thanks, not this year. Maybe in 5 years or so when the protocol extensions have been formalized in an RFC and left to age for a while (and get support into client and server software).
Anyway, "properly" configured SMTP AUTH will use exactly the same set of username/password pairs (server-side, at least) as IMAP/POP. Most ISPs don't have any inclination to maintain separate passwords for different services for each user - and many already use a central directory system of some kind for all authentication.
-kgd
Re: What changes would you make to stop spam? - United Nations Paper
On Aug 2, 2006, at 1:26 PM, Marc Perkel wrote: If SMTP becomes a server to server protocol then it will wipe out consumer virus infected spam zombies. It's not going to get rid of all spam - just most of it. It will wipe out the _existing_ spam zombies. Then the zombies will adapt to using IMAP or POP instead. While it's true that this then presents the "they have to know the password" hurdle for the zombies, you get that same advantage by requiring SMTP-AUTH. So, by switching to requiring SMTP-AUTH you get the same exact advantage you would have gotten by switching to IMAP or POP for sending. Your method has _no_ gain over existing technology. Your proposal is really just deferring the issue, not fixing it. You're moving the problem from one place to another, not removing the problem. The useful part of your suggestion is "require authentication", and that can be done within SMTP. The rest of your suggestion is not really doing anything useful.
Re: What changes would you make to stop spam? - United Nations Paper
Marc Perkel wrote: Logan Shaw wrote: On Wed, 2 Aug 2006, Marc Perkel wrote: SMTP passwords go away because SMTP goes away. The idea is that outgoing IMAP would replace SMTP and there would be no SMTP between clients and servers. SMTP would be a server to server protocol. That's all well and good saying SMTP is server to server only, but how are you going to get the spammers to cooperate? Do you think they will volunteer? And when you are running an SMTP server, how can you tell if SMTP connections that it receives are really coming from another server? - Logan If SMTP becomes a server to server protocol then it will wipe out consumer virus infected spam zombies. It's not going to get rid of all spam - just most of it. The other problem you run into is the fact that one man's SPAM is another man's acceptable email.
Re: What changes would you make to stop spam? - United Nations Paper
Logan Shaw wrote: On Wed, 2 Aug 2006, Marc Perkel wrote: SMTP passwords go away because SMTP goes away. The idea is that outgoing IMAP would replace SMTP and there would be no SMTP between clients and servers. SMTP would be a server to server protocol. That's all well and good saying SMTP is server to server only, but how are you going to get the spammers to cooperate? Do you think they will volunteer? And when you are running an SMTP server, how can you tell if SMTP connections that it receives are really coming from another server? - Logan If SMTP becomes a server to server protocol then it will wipe out consumer virus infected spam zombies. It's not going to get rid of all spam - just most of it.
Re: What changes would you make to stop spam? - United Nations Paper
Marc Perkel wrote:
Magnus Holmgren wrote:
SMTP passwords go away because SMTP goes away. If the user doesn't store the password then they would type it in when say Thunderbird first starts. At that point only thunderbird, not the virus program would have access to the IMAP port. If the virus wanted access it would have to establish its own connection which would require its own authentication.
A password is a password is a password. Whether it be the login to whatever system you use, your bank password, it doesn't matter. What remains is, it's a string of characters that is entered by a human. The user WILL ALWAYS click "remember password" -- Game over. I can get the password. You have to be able to retrieve the password somehow to send down the pipe to the IMAP server, so this is NO better than SMTP. If you managed to get every user on the planet to NOT store their email password, then all the virus/spam software has to do is set up a proxy, grab all the data out of the client program, and inject its own mail when the time is right. Didn't stop the spam, didn't do any good. Now there is more overhead for an ISP to handle and the issue remains.
The idea is that outgoing IMAP would replace SMTP and there would be no SMTP between clients and servers. SMTP would be a server to server protocol.
Fine and dandy. Same issues, no resolution, more overhead, more cost. Not really feasible. SMTP does EXACTLY what you are proposing already. Why bother with all of the other aspects of IMAP if all you want to do is send mail? My ISP at home requires auth of their SMTP connections (Bellsouth) which is exactly the same username/password pair as my pop3 password. If your SMTP password is different than your pop3 password, gripe with your ISP.
--
Thanks, James
Re: What changes would you make to stop spam? - United Nations Paper
On Wed, 2 Aug 2006, Marc Perkel wrote: SMTP passwords go away because SMTP goes away. The idea is that outgoing IMAP would replace SMTP and there would be no SMTP between clients and servers. SMTP would be a server to server protocol. That's all well and good saying SMTP is server to server only, but how are you going to get the spammers to cooperate? Do you think they will volunteer? And when you are running an SMTP server, how can you tell if SMTP connections that it receives are really coming from another server? - Logan
Re: What changes would you make to stop spam? - United Nations Paper
Magnus Holmgren wrote:
On Wednesday 02 August 2006 21:29, Marc Perkel took the opportunity to say:
The zombies wouldn't be able to connect because the zombies wouldn't have the IMAP password.
In that case, neither the SMTP password, which we have to assume is required. But in most cases I think the spamware has access to the password if it wants to. Especially with admin privileges.
SMTP passwords go away because SMTP goes away. If the user doesn't store the password then they would type it in when say Thunderbird first starts. At that point only thunderbird, not the virus program would have access to the IMAP port. If the virus wanted access it would have to establish its own connection which would require its own authentication.
If you use IMAP for your outgoing email from the client you no longer need port 25 except for server to server transfers. The only outgoing path is the IMAP connection which requires authentication. Zombies wouldn't have the password and wouldn't have access to any way to send email.
Not with SMTP on port 587 either. Not that it's easy, but getting everyone in the world to use a different port sure is easier than getting everyone in the world to use a different protocol, one that would need code to be written for first.
The idea is that outgoing IMAP would replace SMTP and there would be no SMTP between clients and servers. SMTP would be a server to server protocol.
Re: What changes would you make to stop spam? - United Nations Paper
JamesDR wrote:
And this differs from SMTP AUTH in what way?
With SMTP AUTH the authentication for the outbound email isn't necessarily the same as the incoming email. If you use IMAP to send email then the user has to know the IMAP password to send email. It also doesn't require a separate connection on a separate port. Why use 2 protocols when you can use one?
IMAP/IMAP SEND
Mail storage for ISP? Say 100MB. (ISP WILL HAVE TO allocate this much for every user, say you have 40K users... you can see how expensive this will become.) Help desk calls because of over limit? Quite a few because the email client will just keep the messages on the server.
There would have to be a POP SEND as well.
Re: What changes would you make to stop spam? - United Nations Paper
On Wednesday 02 August 2006 21:29, Marc Perkel took the opportunity to say:
> The zombies wouldn't be able to connect because the zombies wouldn't
> have the IMAP password.

In that case, neither the SMTP password, which we have to assume is required. But in most cases I think the spamware has access to the password if it wants to. Especially with admin privileges.

> If you use IMAP for your outgoing email from the client you no longer
> need port 25 except for server to server transfers. The only outgoing
> path is the IMAP connection which requires authentication. Zombies
> wouldn't have the password and wouldn't have access to any way to send
> email.

Not with SMTP on port 587 either. Not that it's easy, but getting everyone in the world to use a different port sure is easier than getting everyone in the world to use a different protocol, one that would need code to be written for first.

--
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)
Re: What changes would you make to stop spam? - United Nations Paper
Marc Perkel wrote:
Magnus Holmgren wrote:
On Wednesday 02 August 2006 14:37, Marc Perkel took the opportunity to say:
Why not just eliminate the SMTP protocol for end users and keep SMTP as a server to server protocol and have users send their email to the server by extending POP/IMAP to send email. It created an authenticated connection back to the server where the POP/IMAP server hands it off to the SMTP server. That way email clients aren't using the same protocol as email servers.
Why? It's not, like, that MUAs try to deliver directly to the recipient MX. If all ISPs block port 25 outbound, it doesn't matter what protocol end users use to submit their mail to their local MTA. Otherwise, zombies can still try to connect directly, and you'll have to rely on DUL and other blacklists to figure out which IP addresses belong to end users.
The zombies wouldn't be able to connect because the zombies wouldn't have the IMAP password.
I think part of the problem is that the receiving SMTP server can't tell if email is coming from another SMTP server or a virus infected spam zombie.
Yes, but that problem isn't solved by using a different protocol to submit mail. How are you going to enforce it, without also blocking port 25 outbound? That, or a global whitelist, is the necessary and sufficient condition for stopping direct zombie connections.
If you use IMAP for your outgoing email from the client you no longer need port 25 except for server to server transfers. The only outgoing path is the IMAP connection which requires authentication. Zombies wouldn't have the password and wouldn't have access to any way to send email.
And this differs from SMTP AUTH in what way?
ISP:
* Blocks pt 25 outbound.
* Requires all of its users to AUTH sending through its servers.
I see using IMAP as a bad reason to stop spam. Think of this. The normal user knows to get their mail from mail.isp.com and send mail to mail.isp.com (SMTP,POP respectively.) All email clients I've ever seen are set up to delete messages off the server when they have downloaded them by default (POP3.)
POP3/SMTP AUTH
Mail storage for ISP? Say 100MB. (ISPs don't allocate this by the number of users, they know that they won't be storing that much mail for that long.)
Help desk calls because of over limit? Very few.
IMAP/IMAP SEND
Mail storage for ISP? Say 100MB. (ISP WILL HAVE TO allocate this much for every user, say you have 40K users... you can see how expensive this will become.)
Help desk calls because of over limit? Quite a few because the email client will just keep the messages on the server.
I'd be surprised if you'd convince a broad range of ISPs to implement IMAP for all their users... ISPs complain about network infrastructure upgrades, what do you think will happen when their server farm will have to grow by 1X for storage? They'll just laugh. Now if you are a small time ISP, and have deep pockets, sure implement this strategy. But I'm very doubtful they will. I know I won't. I block locally all outbound and inbound port 25 (except where needed.) I work for a private company and can do this. By not blocking on even a corp LAN, you are exposing yourself to possible infections by users setting up their MUA to get mail from their ISP's server... I may be thought of as a Mail Nazi, but I also can say with 100% assurance, our network here will not spread a virus or spam. Everything scanned, everything checked, what isn't is blocked.
--
Thanks, James
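The egress policy described in the message above (port 25 blocked outbound except where needed, users submitting with authentication on the submission port) can be checked against gateway logs. The following is an added example, not code from any poster in the thread; the client network, the sanctioned relay address, the threshold and the log lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed site layout (constructed for this example, not from the thread).
CLIENT_NET = ipaddress.ip_network("192.168.1.0/24")
# The only internal host allowed to speak server-to-server SMTP on port 25.
SANCTIONED_RELAYS = {ipaddress.ip_address("192.168.1.10")}
SMTP_PORT, SUBMISSION_PORT = 25, 587

# Constructed gateway log lines in netfilter LOG style (trimmed field set).
SAMPLE_LOG = """\
Aug  2 21:29:01 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=25 SYN URGP=0
Aug  2 21:29:03 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.25 PROTO=TCP SPT=1502 DPT=587 SYN URGP=0
Aug  2 21:29:04 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=1034 DPT=25 SYN URGP=0
Aug  2 21:29:04 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.91 PROTO=TCP SPT=1035 DPT=25 SYN URGP=0
Aug  2 21:29:05 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.140 PROTO=TCP SPT=1036 DPT=25 SYN URGP=0
Aug  2 21:29:05 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=1037 DPT=25 SYN URGP=0
Aug  2 21:30:11 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.55 DST=203.0.113.25 PROTO=TCP SPT=2210 DPT=25 SYN URGP=0
Aug  2 21:30:12 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=not-an-ip PROTO=TCP SPT=1038 DPT=25 SYN URGP=0
Aug  2 21:30:13 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=192.0.2.33 PROTO=UDP SPT=1039 DPT=25
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S+)")


def parse_syn(line):
    """Return (src, dst, dport) for a TCP SYN log line, else None."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("PROTO") != "TCP" or "SYN" not in line.split():
        return None
    try:
        return (ipaddress.ip_address(fields["SRC"]),
                ipaddress.ip_address(fields["DST"]),
                int(fields["DPT"]))
    except (KeyError, ValueError):
        return None  # truncated or malformed line: skip it, do not guess


def classify(src, dst, dport):
    """Label one outbound connection attempt under the assumed policy."""
    if src not in CLIENT_NET or dst in CLIENT_NET:
        return "ignore"            # not client-to-Internet traffic
    if dport == SUBMISSION_PORT:
        return "submission"        # authenticated submission path
    if dport == SMTP_PORT:
        # Port 25 is for server-to-server transfer only.
        return "relay" if src in SANCTIONED_RELAYS else "direct-to-mx"
    return "ignore"


def direct_smtp_attempts(log_text):
    """Map each offending internal host to the distinct hosts it tried on port 25."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_syn(line)
        if parsed and classify(*parsed) == "direct-to-mx":
            hits[str(parsed[0])].add(str(parsed[1]))
    return dict(hits)


def suspected_zombies(log_text, min_destinations=3):
    """Hosts that fan out to many distinct destinations on port 25.

    A single destination is more likely a misconfigured mail client; the
    threshold is an assumption to tune per site.
    """
    attempts = direct_smtp_attempts(log_text)
    return sorted(h for h, dsts in attempts.items() if len(dsts) >= min_destinations)


if __name__ == "__main__":
    for host, dsts in sorted(direct_smtp_attempts(SAMPLE_LOG).items()):
        print(f"{host}: direct port-25 attempts to {len(dsts)} destination(s)")
    print("suspected zombies:", suspected_zombies(SAMPLE_LOG))
```

Every host the first function returns violates the policy whether or not the block dropped the packet; the fan-out threshold only separates likely malware from a mail client pointed at the wrong port.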
Re: What changes would you make to stop spam? - United Nations Paper
Magnus Holmgren wrote:
On Wednesday 02 August 2006 14:37, Marc Perkel took the opportunity to say:
Why not just eliminate the SMTP protocol for end users and keep SMTP as a server to server protocol and have users send their email to the server by extending POP/IMAP to send email. It created an authenticated connection back to the server where the POP/IMAP server hands it off to the SMTP server. That way email clients aren't using the same protocol as email servers.
Why? It's not, like, that MUAs try to deliver directly to the recipient MX. If all ISPs block port 25 outbound, it doesn't matter what protocol end users use to submit their mail to their local MTA. Otherwise, zombies can still try to connect directly, and you'll have to rely on DUL and other blacklists to figure out which IP addresses belong to end users.
The zombies wouldn't be able to connect because the zombies wouldn't have the IMAP password.
I think part of the problem is that the receiving SMTP server can't tell if email is coming from another SMTP server or a virus infected spam zombie.
Yes, but that problem isn't solved by using a different protocol to submit mail. How are you going to enforce it, without also blocking port 25 outbound? That, or a global whitelist, is the necessary and sufficient condition for stopping direct zombie connections.
If you use IMAP for your outgoing email from the client you no longer need port 25 except for server to server transfers. The only outgoing path is the IMAP connection which requires authentication. Zombies wouldn't have the password and wouldn't have access to any way to send email.
Re: What changes would you make to stop spam? - United Nations Paper
On Wednesday 02 August 2006 14:37, Marc Perkel took the opportunity to say:
> Why not just eliminate the SMTP protocol for end users and keep SMTP as a server to server protocol and have users send their email to the server by extending POP/IMAP to send email. It created an authenticated connection back to the server where the POP/IMAP server hands it off to the SMTP server. That way email clients aren't using the same protocol as email servers.

Why? It's not, like, that MUAs try to deliver directly to the recipient MX. If all ISPs block port 25 outbound, it doesn't matter what protocol end users use to submit their mail to their local MTA. Otherwise, zombies can still try to connect directly, and you'll have to rely on DUL and other blacklists to figure out which IP addresses belong to end users.

> I think part of the problem is that the receiving SMTP server can't tell if email is coming from another SMTP server or a virus infected spam zombie.

Yes, but that problem isn't solved by using a different protocol to submit mail. How are you going to enforce it, without also blocking port 25 outbound? That, or a global whitelist, is the necessary and sufficient condition for stopping direct zombie connections.

--
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)
Re: What changes would you make to stop spam? - United Nations Paper
On Wednesday 02 August 2006 19:24, Kenneth Porter took the opportunity to say:
> --On Wednesday, August 02, 2006 3:03 PM +0100 Graham Murray <[EMAIL PROTECTED]> wrote:
> > Personally I would solve the problem by going the other way. Get rid of dynamic IP addresses
>
> Interesting idea. It's my understanding that dynamic addresses are used due to the IPv4 shortage, so if we can push for more IPv6 deployment, we get the technical means to get rid of dynamic addresses. (Aside from addresses, are there other configuration settings that need to be handed down by DHCP? Does IPv6 auto-config take care of DNS and routing?)

"Although IPv6's stateless address autoconfiguration removes the primary motivation for DHCP in IPv4, DHCPv6 can still be used to statefully assign addresses if the network administrator desires more control over addressing. It can also be used to distribute information which is not otherwise discoverable; the most important case of this is the DNS server."
http://en.wikipedia.org/wiki/DHCPv6

--
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)
Re: What changes would you make to stop spam? - United Nations Paper
On Wed, 2 Aug 2006, Kenneth Porter wrote:

> --On Wednesday, August 02, 2006 5:37 AM -0700 Marc Perkel <[EMAIL PROTECTED]> wrote:
> > Why not just eliminate the SMTP protocol for end users and keep SMTP as a server to server protocol and have users send their email to the server by extending POP/IMAP to send email.
>
> What's your objection to authenticated SMTP? It already exists, and clients support it. All my users use it.
>
> About the only hitch is that I have to configure the server twice in Mozilla. (It would be nice to have a checkbox to say that the SMTP info is the same as the IMAP info, except for port number.)

It's not my favorite MUA, but that already exists in MS Outlook. It has a checkbox exactly like that labelled "Use same settings as my incoming mail server."

What might really be nice is some sort of language that could be used to write up a document to configure a mail client for a given ISP and user. It could configure all necessary settings and would work with any client, making this a one-step process even if 10 or 20 different settings have to be entered.

- Logan
Re: What changes would you make to stop spam? - United Nations Paper
Kenneth Porter wrote:
> Does it really have to be funneled through their SMTP servers? Would it not be sufficient simply to add a connection-level SYN throttle on that port at the routers? Perhaps someone here could propose a set of iptables rules that would implement this. Or the equivalent rule for a Cisco.

I understand 'funneling' as routing, but what I mean is the customer has to configure smtp.provider.com as outgoing mailserver. On my Cisco PIX firewalls I have configured embryonic limits on every static, Cisco FW-IOS has (I think) about the same commands, in plain IOS I wouldn't know the command. Anyway, IMHO with SYN throttle you would only be rate-limiting the zombies, I would rather they stopped sending spam completely..

Regards
Menno
Re: What changes would you make to stop spam? - United Nations Paper
--On Wednesday, August 02, 2006 10:38 AM -0700 MennovB <[EMAIL PROTECTED]> wrote: Don't think that's needed, if ISP's only allow outgoing SMTP to the ISP's SMTP servers and not directly then most (current) bots and most spam will be dealt with. I wouldn't be surprised to see the amount of spam then drop more than 80%. (I know, just repeating myself ;-)) Does it really have to be funneled through their SMTP servers? Would it not be sufficient simply to add a connection-level SYN throttle on that port at the routers? Perhaps someone here could propose a set of iptables rules that would implement this. Or the equivalent rule for a Cisco.
Re: What changes would you make to stop spam? - United Nations Paper
Kenneth Porter wrote:

> --On Wednesday, August 02, 2006 5:37 AM -0700 Marc Perkel <[EMAIL PROTECTED]> wrote:
> > Why not just eliminate the SMTP protocol for end users and keep SMTP as a server to server protocol and have users send their email to the server by extending POP/IMAP to send email.
>
> What's your objection to authenticated SMTP? It already exists, and clients support it. All my users use it.

If IMAP had the ability to send email to the server then SMTP could be a server to server protocol and IMAP would be the consumer connection protocol. That would make it so that servers don't have to talk to end users pretending to be SMTP servers. You could wall off port 25 and isolate the spam zombies.

> About the only hitch is that I have to configure the server twice in Mozilla. (It would be nice to have a checkbox to say that the SMTP info is the same as the IMAP info, except for port number.)

If IMAP could send you wouldn't have to configure it twice.
Re: What changes would you make to stop spam? - United Nations Paper
It occurred to me that it would be nice to have a dynamic IP whitelist, such that clueful users could connect via secure DNS update and register as having a clueful MTA on their LAN that sends clean direct-to-MX. If such a whitelist existed, I would be a lot more comfortable using a DUL blacklist. (BTW, do any ISP's include a no-direct-MX clause in their ToS? I know that most specify no servers (again, Speakeasy being the clueful exception), but direct-to-MX is not a server.)
Re: What changes would you make to stop spam? - United Nations Paper
John D. Hardin wrote:
>
> On Tue, 1 Aug 2006, John Rudd wrote:
> Reducing volume of spam *sent* probably requires fundamental redesign of the protocols, or some other major change in the cost/benefit analysis.
>

Don't think that's needed, if ISP's only allow outgoing SMTP to the ISP's SMTP servers and not directly then most (current) bots and most spam will be dealt with. I wouldn't be surprised to see the amount of spam then drop more than 80%. (I know, just repeating myself ;-))

Come to think of it, chances are the zombies/bots will then be used for DDOS'ing everything that has an IP-address just as revenge :(

Regards
Menno
Re: What changes would you make to stop spam? - United Nations Paper
--On Wednesday, August 02, 2006 5:37 AM -0700 Marc Perkel <[EMAIL PROTECTED]> wrote:

> Why not just eliminate the SMTP protocol for end users and keep SMTP as a server to server protocol and have users send their email to the server by extending POP/IMAP to send email.

What's your objection to authenticated SMTP? It already exists, and clients support it. All my users use it.

About the only hitch is that I have to configure the server twice in Mozilla. (It would be nice to have a checkbox to say that the SMTP info is the same as the IMAP info, except for port number.)
Re: What changes would you make to stop spam? - United Nations Paper
--On Wednesday, August 02, 2006 3:03 PM +0100 Graham Murray <[EMAIL PROTECTED]> wrote: Personally I would solve the problem by going the other way. Get rid of dynamic IP addresses Interesting idea. It's my understanding that dynamic addresses are used due to the IPv4 shortage, so if we can push for more IPv6 deployment, we get the technical means to get rid of dynamic addresses. (Aside from addresses, are there other configuration settings that need to be handed down by DHCP? Does IPv6 auto-config take care of DNS and routing?)
Re: What changes would you make to stop spam? - United Nations Paper
Rob McEwen wrote: Honestly, I haven't been following this thread much... but I do want to add that the UN is full of thugs who are power hungry and would like very much to control the Internet and implement a world tax and probably a tax on the Internet as well. Just to keep things in perspective, there are plenty of people who would say the exact same thing, except substituting "US" for "UN" and "George W. Bush" for "Kofi Annan". Even the comparison to Palpatine. Now, back on the subject of actually fighting spam... -- Kelson Vibber SpeedGate Communications
Re: What changes would you make to stop spam? - United Nations Paper
--On Wednesday, August 02, 2006 8:23 AM -0700 "John D. Hardin" <[EMAIL PROTECTED]> wrote: I think that a default level of filtering - SMTP and the Microsoft protocols that were only intended for use on a LAN - should be in place to deal with the default level of end-user administrative skill - low to nonexistent. However I *don't* think that clueful administrators and users should be subject to such restrictions, and should be able to opt out without charge. Alas, I know of only one ISP (Speakeasy) clueful enough to implement this, and they're DSL-only. Those of us on very long phone lines and only able to get broadband via cable are stuck with the clueless ISP's operating over that medium. The only way to get a home office connection with a static IP is through an expensive T1. It's very frustrating.
Re: What changes would you make to stop spam? - United Nations Paper
LOL! Thanks for the reminder. Best of luck in your efforts to "stop SPAM" around the world.

Sincerest regards,

James Butler
Chairman, Board of Directors
Internet Society - Los Angeles Chapter
California, USA

*** REPLY SEPARATOR ***

On 8/1/06 at 11:29 PM jdow wrote:

>Mr Butler, with all due respect go pound sand. You've convinced me that we should kick the UN out of the United States so that idiots like you do not spam mailing lists like this.
>
>You're an fscking idiot.
>{`,'}
>- Original Message -
>From: "James" <[EMAIL PROTECTED]>
>To:
>Sent: Tuesday, August 01, 2006 21:05
>Subject: Re: What changes would you make to stop spam? - United Nations Paper
>
>>A little bit sorry for the top-post ... but .. Re: Kofi Annan's quote from the post dated today at around 6:20 PM PST:
>>
>> "The problem has risen to a level requiring that the United Nations be aware of the issue and to take steps to address the problem."
>>
>> I simply do not agree. The U.N. has far more important and pressing issues to deal with than SPAM, which is essentially a corporate productivity problem.
>>
>> Consider: Oh, geez, the hundreds of truly consequential issues facing a global assembly of governments in today's world.
>>
>> Compare that with (from my own example) the several hundreds of SPAM messages I filter for my staff, each day. Ok ... after a weekend off, it's somewhere around 1,500 SPAM messages ... regardless, with a tiny bit of training, any human can be trained to quickly scan the company queue and remove any of today's SPAM from the company inboxes.
>>
>> While I agree that even that is too much for a small business to be satisfied with (it certainly won't make the company go broke), it's simply not that great an issue, when compared to world-affecting issues like Poverty and whatnot.
>>
>> I say "good luck" with your proposal but NOT "good luck" getting the money you want to get from the U.N. to be put toward "solving" this problem. It's simply not an issue I believe we should be spending any portion of that particular budget for.
>>
>> Sincerest regards,
>>
>> James Butler
>> Chairman, Board of Directors
>> Internet Society - Los Angeles Chapter
>> California, USA
>>
>> John Rudd wrote:
>>
>>> On Aug 1, 2006, at 6:54 PM, John D. Hardin wrote:
>>>
>>>> On Tue, 1 Aug 2006, jdow wrote:
>>>>
>>>>> From: "Marc Perkel" <[EMAIL PROTECTED]>
>>>>>
>>>>>> Allowing IMAP/POP to Send Email
>>>>>
>>>>> Nonsense.
>>>>
>>>> ...is there an echo in here? ;)
>>>
>>> Having also said the same thing ... Doesn't part of Microsoft's extension to IMAP (called MAPI, oh so original) also support sending via IMAP?
Re: What changes would you make to stop spam? - United Nations Paper
--On Tuesday, August 01, 2006 2:06 PM -0700 John Rudd <[EMAIL PROTECTED]> wrote: 1) Require Virus Scanning on all SMTP transactions Compare to requiring standards-compliance throughout the process, and particularly in message content. If you're allowed to discard all MIME content that fails to validate against published standards, you can drop all the HTML and image buffoonery that spammers hide within. You'd also drop a significant amount of legitimate business traffic generated by the world's most popular office suite. H.
RE: What changes would you make to stop spam? - United Nations Paper
--On Wednesday, August 02, 2006 11:09 AM -0400 Rob McEwen <[EMAIL PROTECTED]> wrote: Honestly, I haven't been following this thread much... but I do want to add that the UN is full of thugs who are power hungry and would like very much to control the Internet and implement a world tax and probably a tax on the Internet as well. Good point. While stopping spam, we shouldn't destroy anonymity. I'm sure repressive regimes like North Korea and Iran would love an anti-spam measure that let them keep better tabs on what their citizens are saying.
Re: What changes would you make to stop spam? - United Nations Paper
On 8/2/06, Marc Perkel <[EMAIL PROTECTED]> wrote: Here's what I've written so far. Deadline is today. Still working on it. http://wiki.ctyme.com/index.php/UN_Spam_Paper Rather than "extend POP/IMAP to send mail", which quite frankly will never happen (contact the author of the IMAP protocol, Mark Crispin, if you want the full rant -- you shouldn't have any trouble finding his email address if you search), please suggest that the SUBMIT protocol be used. RFC 2476 and 4409. See also RFC 4405.
RE: What changes would you make to stop spam? - United Nations Paper
On Wed, 2 Aug 2006, Zinski, Steve wrote:
> > A possibly better method is to block SMTP outbound from the ISP.
>
> That's what we do here at the University of Richmond. Our firewall is configured to block all outbound SMTP connections (except those of our legitimate SMTP servers). This dramatically reduced the flow of spam from our campus. We can now use tools to track (and block) spammers since we only have to watch one or two servers (SpamShield works nicely!)

Do you also watch the logs of blocked outbound SMTP to detect and fix infected hosts?

--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
[EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Look at the people at the top of both efforts. Linus Torvalds is a university graduate with a CS degree. Bill Gates is a university dropout who bragged about dumpster-diving and using other peoples' garbage code as the basis for his code. Maybe that has something to do with the difference in quality/security between Linux and Windows.
-- anytwofiveelevenis on Y! SCOX
---
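The log review John Hardin asks about above, sketched as an added example (not code posted by anyone in this thread): it reads a firewall's record of blocked outbound port 25 attempts and separates hosts that fan out to many mail servers from hosts that keep retrying a single one. The iptables LOG line format, the `SMTP-OUT-BLOCK` prefix, the relay address, the thresholds and the verdict names are all assumptions, and the log lines are constructed.

```python
import re
from collections import Counter, defaultdict, namedtuple
from datetime import datetime, timedelta

# Assumptions, not taken from the thread: the drop rule logs in iptables LOG
# format with this prefix, and these are the site's legitimate SMTP servers.
LOG_PREFIX = "SMTP-OUT-BLOCK"
MAIL_SERVERS = {"10.20.0.25"}

# Constructed sample log (private and documentation address ranges only).
SAMPLE_LOG = """\
Aug  2 10:15:01 fw kernel: SMTP-OUT-BLOCK: IN=eth1 OUT=eth0 SRC=10.20.1.57 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=41001 DPT=25 SYN
Aug  2 10:15:02 fw kernel: SMTP-OUT-BLOCK: IN=eth1 OUT=eth0 SRC=10.20.1.57 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=41002 DPT=25 SYN
Aug  2 10:15:02 fw kernel: SMTP-OUT-BLOCK: IN=eth1 OUT=eth0 SRC=10.20.1.57 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=41003 DPT=25 SYN
Aug  2 10:15:04 fw kernel: SMTP-OUT-BLOCK: IN=eth1 OUT=eth0 SRC=10.20.1.57 DST=198.51.100.88 LEN=60 PROTO=TCP SPT=41004 DPT=25 SYN
Aug  2 10:15:05 fw kernel: SMTP-OUT-BLOCK: IN=eth1 OUT=eth0 SRC=10.20.1.57 DST=192.0.2.201 LEN=60 PROTO=TCP SPT=41005 DPT=25 SYN
Aug  2 10:20:00 fw kernel: SMTP-OUT-BLOCK: IN=eth1 OUT=eth0 SRC=10.20.3.14 DST=203.0.113.40 LEN=60 PROTO=TCP SPT=50211 DPT=25 SYN
Aug  2 10:25:00 fw kernel: SMTP-OUT-BLOCK: IN=eth1 OUT=eth0 SRC=10.20.3.14 DST=203.0.113.40 LEN=60 PROTO=TCP SPT=50340 DPT=25 SYN
Aug  2 10:30:00 fw kernel: SMTP-OUT-BLOCK: IN=eth1 OUT=eth0 SRC=10.20.3.14 DST=203.0.113.40 LEN=60 PROTO=TCP SPT=50577 DPT=25 SYN
Aug  2 10:31:00 fw kernel: SMTP-OUT-BLOCK: IN=eth1 OUT=eth0 SRC=10.20.0.25 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=33000 DPT=25 SYN
Aug  2 10:32:10 fw kernel: OTHER-DROP: IN=eth1 OUT=eth0 SRC=10.20.4.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=1044 DPT=445 SYN
Aug  2 10:40:00 fw kernel: SMTP-OUT-BLOCK: IN=eth1 OUT=eth0 SRC=10.20.5.2 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40100 DPT=25 SYN
"""

LINE_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?"
    + re.escape(LOG_PREFIX)
    + r".*?\bSRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?\bPROTO=TCP\b.*?\bDPT=25\b"
)

Finding = namedtuple("Finding", "attempts distinct_dests peak_dests verdict")


def parse_events(text, year=2006):
    """Yield (time, src, dst) for each blocked outbound port 25 attempt."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["src"] in MAIL_SERVERS:
            continue  # other drop rules, or a relay caught by a misordered rule
        # Syslog stamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {m['stamp']}", "%Y %b %d %H:%M:%S")
        yield when, m["src"], m["dst"]


def peak_distinct(events, window):
    """Largest number of distinct destinations inside any one time window."""
    peak, left, live = 0, 0, Counter()
    for when, dst in events:
        live[dst] += 1
        while when - events[left][0] > window:
            old = events[left][1]
            live[old] -= 1
            if live[old] == 0:
                del live[old]
            left += 1
        peak = max(peak, len(live))
    return peak


def analyse(text, window=timedelta(seconds=60), bot_dests=4, retry_attempts=3):
    """Group blocked attempts by source host and attach a triage verdict."""
    by_src = defaultdict(list)
    for when, src, dst in parse_events(text):
        by_src[src].append((when, dst))
    findings = {}
    for src, events in by_src.items():
        events.sort()
        peak = peak_distinct(events, window)
        if peak >= bot_dests:
            verdict = "probable-bot"          # fan-out to many MXes at once
        elif len(events) >= retry_attempts:
            verdict = "misconfigured-client"  # MUA retrying one outside server
        else:
            verdict = "low-volume"
        dests = len({dst for _, dst in events})
        findings[src] = Finding(len(events), dests, peak, verdict)
    return findings


if __name__ == "__main__":
    for host, finding in sorted(analyse(SAMPLE_LOG).items()):
        print(host, finding)
```

The fan-out threshold is the part to tune per site: a mail client pointed at an outside ISP retries one destination, while a spam bot walks many recipient MX hosts within seconds.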
Re: What changes would you make to stop spam? - United Nations Paper
On Tue, 1 Aug 2006, John Rudd wrote:
> On Aug 1, 2006, at 10:24 PM, John Andersen wrote:
> >
> > Direct deliver is not evil, and the current fad of blocking DHCP assigned IPs had not cut down on spam one little bit.
>
> It actually blocks a ton of spam in my world.

...which brings up something I have noticed in discussions about spam: How many people consider "cut down on spam" or "reduce spam" from the POV of spam sent vs. the POV of spam received?

In other words, Mr. Andersen seems to be saying "hasn't reduced the amount being sent", and Mr. Rudd is saying "has reduced the amount being delivered to my inbox".

Reducing the amount of spam delivered to the user's inbox is good for the user, and is what SA is good at.

Reducing the amount of spam actually sent in the first place is good for the entire network community, and a more important long-term goal because it reduces the overall load on the network infrastructure; but it is something that SA and DNSBLs and greylisting and such are NOT (directly at least) achieving. In fact, SA and related tools may be having a detrimental effect overall because they cause the spammers to send that much *more* spam in an attempt to bypass the filters and TMPFAILs and so forth.

Reducing volume of spam *sent* probably requires fundamental redesign of the protocols, or some other major change in the cost/benefit analysis.

--
John Hardin
Re: What changes would you make to stop spam? - United Nations Paper
On Wed, 2 Aug 2006, Marc Perkel wrote: I think what you are doing is a step in the right direction. But imagine if the users IMAP connection could be used to send mail back up the link then you wouldn't need to do SMTP to the users at all. All you would have to do is configure a way for the IMAP server to hand outgoing email off to the SMTP server. Yeah, but imagine if an SMTP AUTH connection could be used to send mail back up to the server. Then you wouldn't need to use IMAP to send mail at all. All you would have to do is nothing, since SMTP AUTH already works and provides the same benefits. - Logan
Re: What changes would you make to stop spam? - United Nations Paper
On Tue, 1 Aug 2006, John Andersen wrote:
> On Tuesday 01 August 2006 17:49, John D. Hardin wrote:
> > Please don't pollute the IMAP and POP protocols this way. The problem can be easily solved with no changes to existing tools if the ISP blocks all outbound SMTP from their dynamic client ranges and requires SMTP AUTH via their mail servers for outbound email.
>
> That solves nothing.
>
> Carried to the logical extension, why not just route ALL email through governments.
>
> SMTP was designed for direct delivery. ISPs do not and can not filter all mail, and when they try they invariably become part of the problem.

I also believe that you should be able to register as "clueful" with your ISP and have the filters removed.

I think that a default level of filtering - SMTP and the Microsoft protocols that were only intended for use on a LAN - should be in place to deal with the default level of end-user administrative skill - low to nonexistent. However I *don't* think that clueful administrators and users should be subject to such restrictions, and should be able to opt out without charge.

> In fact, spam friendly ISPs are a bigger problem than 100,000 linux users running their own MTA. What upstream is going to shut down a fat contract ISP because of spam?

Spam-friendly ISPs are easy to isolate via DNSBLs. And I don't worry as much about Linux users running their own MTA as I do about hordes of p0wned Winders boxen running spambots without their owners' knowledge.

> Your elitist attitude is not really helpful.

Elitist? Sure. But my opinion is supported by the number of clueless, bot-controlled leaf nodes that are directly connected to the Internet and spewing crap at everybody else.

--
John Hardin
Re: What changes would you make to stop spam? - United Nations Paper
On Wed, 2 Aug 2006, Tom Ray wrote:
> > have registered that does not have working (i.e. read-by-a-human) postmaster@ and abuse@ aliases?
>
> Being that I am a domain registrar (small but still) how will I know if they have a working postmaster or abuse alias?

Easy. Send them an email and see if they respond. Make it clear in the service agreement that they (hopefully) read before registering a domain that this is a requirement.

> And even if they did a quick filter setup at the server level will have those mails /dev/null'd in no time.

Check back periodically. Note to them that if you get complaints about non-working aliases you will block the domain until they *do* work.

> This isn't a feasible idea for one reason and one reason only, Network Solutions. They'll find some way to re-route that domain to their own use.

I agree it isn't a perfect solution given that some registrar somewhere won't enforce it. After all, there are "spam-friendly" registrars these days. Which suggests another idea: is there a SURBL for domains registered with Known Evil registrars?

And it's also extra work for an already low-margin operation.

> >> 5) Require ISP's to channel their customer's email through their own mail servers (which will have some impact upon SPF tracking as well) and not allow any non-business customers, nor any dynamic customers (business or commercial), to directly connect to other mail servers.
> >
> > Totalitarian regimes will *love* that one. ISPs will hate it.
>
> Hate to break the news to you but many ISPs are already not allowing their users to connect via port 25 outside their networks. Comcast has done it, as have a few others already. I run into this a lot because I'm also a hosting company and offer SMTP Auth but many customers have issues because they can't connect to port 25 on my mail server.

Do you support SMTP-via-SSL (ssmtp, 465/tcp)? Do the ISPs also block that port? In modern clients setting that up is just checking a checkbox.

> I also totally agree with this practice, if they are going to be on the hook for something their users did then they need to keep a watchful eye on their customers.

Hrm. Then why do so many disclaim responsibility when they are told about known bot-controlled customer systems actively attacking others?

> ISPs don't hate this considering that many ISPs now do hosting, it's a way for them to get their customers to bring the hosting over to them also.

I was thinking more about the ISP being reluctant to buy more servers to handle the increased email volume, but upon more thought I realize that this isn't likely to be an issue for several reasons.

I'm also somewhat leery about having ISPs filter *any* traffic, apart from MS Networking; the potential for abuse is great. I was just throwing out ideas.

What I would *like* to see is ISPs adopt a default filtering stance that blocks outbound SMTP, 1025-1029/udp, MS Networking and MSSQL, which would cover the vast majority of inbound crap my systems automatically discard, and have a "register your account as clueful" policy (at no extra charge!) that removes that filtering for your IP when you connect.

The Great Unwashed need handholding, but that shouldn't cripple those who know how to administer their systems properly.

But I realize this is a dream.

--
John Hardin
Re: What changes would you make to stop spam? - United Nations Paper
On Wed, 02 Aug 2006 10:43:41 -0400, "Rosenbaum, Larry M." <[EMAIL PROTECTED]> opined: > > > > From: David Cary Hart [mailto:[EMAIL PROTECTED] > > ... > > Look for social and societal solutions. Spammers keep pace with > > every technological method. > > > > "Our" greatest failure is that we have not promulgated the notion > > that purchasing goods and services from spammers is subsidizing > > criminals. It is not - and should be - socially unacceptable to > > buy from spammers. When have you ever seen a public service > > advertisement - on any medium - regarding this issue? > > Perhaps we could tie that in with the war on terror? "If you buy > from a spammer, you're putting money in the terrorists' pockets." > It might even work better than the similar-themed war on drugs ads. I would be very happy if the blacklist I administer was rendered unnecessary. There's enough pointless hyperbole floating around to make a US Congressman seem pragmatic. You can filter it, delete it and blacklist it. You can employ any number of commercial schemes that claim to kill off all of the spam that you might otherwise receive. At the end of the day, though, if there is a solution it is on the demand side. Spam will cease when people cease purchasing goods and services marketed through spam. Doing so subsidizes criminals. -- Our DNSRBL - Eliminate Spam at the Source: http://www.TQMcube.com Don't Subsidize Criminals: http://boulderpledge.org
RE: What changes would you make to stop spam? - United Nations Paper
Honestly, I haven't been following this thread much... but I do want to add that the UN is full of thugs who are power hungry and would like very much to control the Internet and implement a world tax and probably a tax on the Internet as well. They will do this all in the name of "helping" us... just like Hugo Chavez is "helping" the Venezuelans... but like Chavez, who is turning Venezuela into a new Cuba and himself into his beloved Castro, those guys at the UN are more concerned about their own power and about extracting (or extorting) wealth and power away from the U.S. and other "rich" western countries. SEE: http://www.opinionjournal.com/extra/?id=110007381 http://www.washtimes.com/world/20031208-125717-6682r.htm As far as I'm concerned, there is really no difference (intention-wise) between Kofi Annan and Supreme Chancellor Palpatine... except that Kofi is much dumber and not nearly as powerful as Palpatine... (at least not yet). So be careful about anything the U.N. might come up with to "rescue" us! Rob McEwen PowerView Systems
RE: What changes would you make to stop spam? - United Nations Paper
> From: Evan Platt [mailto:[EMAIL PROTECTED] ... > Speaking of which, when they give a person the lethal injection, why > do they wipe the area with a alcohol swab? To protect the needle?
RE: What changes would you make to stop spam? - United Nations Paper
> From: David Cary Hart [mailto:[EMAIL PROTECTED] > ... > Look for social and societal solutions. Spammers keep pace with every > technological method. > > "Our" greatest failure is that we have not promulgated the notion that > purchasing goods and services from spammers is subsidizing criminals. > It is not - and should be - socially unacceptable to buy from > spammers. When have you ever seen a public service advertisement - > on any medium - regarding this issue? Perhaps we could tie that in with the war on terror? "If you buy from a spammer, you're putting money in the terrorists' pockets." It might even work better than the similar-themed war on drugs ads.
Re: What changes would you make to stop spam? - United Nations Paper
Marc Perkel wrote:
> Here's what I've written so far. Deadline is today. Still working on it.
> http://wiki.ctyme.com/index.php/UN_Spam_Paper

I think in this part you're missing one of the main issues:

Marc Perkel wrote:
> "Today we have more of a consumer model where consumers run email clients and leave the SMTP servers to their Internet Service Providers (ISPs). The user creates an email message that is sent to their local ISP who has an SMTP server. That server accepts the email and then transfers the email by SMTP to the server that stores the incoming email for that user. Then the recipient connects to their server by POP/IMAP protocols to download their email.
> The problem is that anyone can impersonate any other person by setting their address to be anyone else on the planet."

The problem is that these zombies do NOT use the ISP SMTP servers but send it directly to the SMTP-server of the addressed person. And this could (and already is in some cases) be prohibited by the provider by only allowing SMTP traffic from the client to the SMTP-servers of the ISP itself, not to others. After that action there is time to work on a better mail protocol.

Marc Perkel wrote:
> This junk email known as “Spam” is NOT over 90% of all email traffic.

I think you mean "now" ?

In "the cost of spam" I miss the SCAM (some people really fell for this and have lost thousands of dollars..) and PHISHING (lots of this to collect accounts and passwords for banks, credit-card info etc).

In "Microsoft Zombies" there is a lot of text how bad Microsoft is, that's OK but I think the user is to blame too, if they don't think and just keep clicking yes/ok then eventually they will install malware no matter what patches.

In "where spam comes from" I think some countries could be mentioned, like China and Korea that happily do the hosting for western spammers, and where the ISPs do not act on abuse messages about zombies.

My few eurocents..

Regards
Menno van Bennekom
Re: What changes would you make to stop spam? - United Nations Paper
Tom Ray <[EMAIL PROTECTED]> writes: > I also totally agree with this practice, if they are going to be on > the hook for something their users did then they need to keep a > watchful eye on their customers. But the ISPs should not be 'on the hook' for something their users did. What is needed is for users to take more responsibility for their own systems and for ISPs to become like telephone service providers. If someone makes a nuisance of themselves using the telephone, the user (or renter of the number), not the telephone company, is held responsible and has to carry the can. Personally I would solve the problem by going the other way. Get rid of dynamic IP addresses, especially for ADSL and cable, go back to the traditional mechanism of sending mail direct to MX rather than using an ISP's MTA for outgoing mail, have customers register their own domain name(s)[1] and get rid of email addresses of the form [EMAIL PROTECTED] Keep the ISPs incoming SMTP to POP/IMAP server as many people do not run 24/7. That way the customer would be responsible for any traffic (email or otherwise) originating from his IP address(es) in same way as he is responsible for any calls made from his phone number. [1] For example the ISP I use provides registration and administration of 1 domain in the price of standard ADSL.