Re: [Asrg] Email service assumptions and making system-wide changes
Barry Shein <bzs@world.std.com> Tue, 17 January 2006 17:54 UTC
From: Barry Shein <bzs@world.std.com>
Date: Tue, 17 Jan 2006 12:44:16 -0500
To: Seth Breidbart <sethb@panix.com>
Subject: Re: [Asrg] Email service assumptions and making system-wide changes
Cc: asrg@ietf.org

On January 17, 2006 at 02:26 sethb@panix.com (Seth Breidbart) wrote:
 > > I don't think there are all that many opportunities open to spammers
 > > to cause the kind of global mayhem they cause, and raising their
 > > cost of business (i.e., forcing them to retool drastically over and
 > > over) should have its effects on them.
 >
 > What part of that argument couldn't have been made about open relays
 > before the advent of botnets?
 >
 > Why don't you think it will sound just as silly after botnets have
 > been replaced by the next thing?

The process of identifying and closing the open relays was very helpful in closing subsequent spamming methods.

The initial reaction to identifying open relays as major spam sources and requiring modification by their legitimate operators was frequently responded to with reactions ranging from "why me", to "why don't you find some other way to stop these guys?" and even "I have every right to run an open relay if I want / my server my rules" (I can name names.)

By and large those attitudes changed as it was made more and more clear that open relays were a major target of opportunity for spammers.

The activity of closing down open relays helped tremendously in establishing the ethic that if your server is being exploited in some obvious, fixable way by spammers you need to fix it and fix it quickly or, e.g., find your server in netwide blocklists.

This carried over very well to similar exploits such as those found in popular web applications.

One example is mailto.pl (Doug's WWW Mail Gateway), a perl CGI script which managed forms data for fill-in responses on web pages. It was popular and turned out to be exploitable by spammers; just stick in any target address and msg, more or less, and hit a site running the script over and over and it'd spew spam for you. In essence just automate filling out the form. The exploits actually allowed hundreds of target addresses per send. I know this first-hand because it was a bane here on World for a while.

These were closed down in mass droves, after the open relay experience few needed to be asked twice.

It never occurred to us to respond "oh why bother they'll just find another exploit?". We shut them down actively.

Education, awareness, actual shutting down of probably tens of thousands of open relays, preparation and distribution of easy recipes for fixing common mail server (sendmail, postfix, exim, etc.) configurations, and subsequent releases of those server software packages with those more secure configurations the default, and new features improving more secure behavior.

More Importantly...

I'm skeptical of your claim of this unending list of exploits readily available to replace zombie botnets and doubt it's a good analysis of the situation.

Put simply, we'd see these new exploits already.

Large botnet operators are being arrested and have been sentenced to hard time, or are facing hard time. Running and renting botnets is becoming dangerous, legally.

If there were some other technology easily switched to they'd be switching to it already. So what is it?

The arrest and conviction of botnet operators is a good development and should help.

The impression is that many of them are willing to operate in the gray areas if they believe they are unlikely to be caught and convicted but few will persist as the behavior becomes more legally dangerous. Or they won't be able to persist from a jail cell if nothing else.

And the fewer there are, the more likely the hardcore cases can be identified and arrested. That fact can't be missed except by the most naive criminals.

Finally, we're talking about spammers finding a way to send many billions of messages per day, anonymously, with sufficient delivery resources, and in a manner difficult to identify and block technology.

That's a long and difficult list of requirements. Such massive exploits don't just grow on trees.

There haven't been very many successful methodologies for spammers in the past decade (throw away accounts, cooperative and/or negligent ISPs, open relays, botnets), and it's reasonable to assume the same will be true in the future.

Successful exploits will be few and identifiable and we can deal with them when and if they come along.

Put another way, what's the other choice? To just allow the zombie nets to operate because they might find another method?

--
        -Barry Shein

The World              | bzs@TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Login: Nationwide
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*