Re: [Asrg] Cutting down spam load

gep2@terabites.com Fri, 20 June 2003 20:55 UTC

From: gep2@terabites.com
Message-ID: <B0000024122@nts1.terabites.com>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] Cutting down spam load
To: Yakov Shafranovich <research@solidmatrix.com>, gep2@terabites.com, asrg@ietf.org
In-Reply-To: <5.2.0.9.2.20030620112322.00b9fac8@std5.imagineis.com>
Date: Fri, 20 Jun 2003 16:19:30 -0500

>>AND, don't forget, another big benefit is blocking NOT ONLY JUST spam, but also
>>viruses/worms/trojans.  In many cases, those are sent from 'legitimate' senders
>>and without hijacking open relays... so things like spf wouldn't help (even IF
>>you could realistically speaking block 'non-verifiable' senders, which is way
>>less than clear) but my permissions-list approach would block probably 80-90% or
>>more of such malicious stuff, too.  By blocking (by default) ALL attachments
>>coming from people you don't normally expect to get attachments from, you're
>>blocking malicious code, too.  Sure, you'll open up the "attachments allowed"
>>window for people you trust and authorize to send those, but that's going to
>>typically be a small percentage of the people you'd normally maybe receive
>>(ordinary) E-mails from.

>We do research into fighting spam, not viruses and worms. How is blocking
>attachments going to stop spammers?

Although

  1)  some spammers have been known to install spambots and zombies in unwitting
users' systems, and those are installed via attachments;

and

  2)  text-as-image attachments are occasionally used by spammers to circumvent
content/keyword scanners,

the real point is that by this one permission-based whitelist approach, we can
use one, cohesive, straightforward, and incrementally deployable approach to
take a big bite out of BOTH spam AND viruses/trojans... arguably the two biggest
and most pressing problems we have on the Internet today.

Meanwhile, in so doing, we'll also help prevent the irresponsible and wasteful
growth of (unnecessary) HTML-burdened E-mail, which all by itself could be
expected to perhaps make as much as a 30-50% or more reduction in the total
E-mail load, net-wide.

Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment!  Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
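
The default-deny permissions list described in this message, sketched as an added example (not code from the poster or from the list). The permission names, addresses and sample messages are constructed, and the sender is read from the unauthenticated From header.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical per-sender permissions list; unlisted senders get plain text only.
PERMISSIONS = {
    "alice@example.org": {"attachments", "html"},
    "bob@example.org": {"html"},
}

def required_permissions(msg):
    """Return the permissions a parsed message needs in order to be accepted."""
    needed = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if part.get_filename() or part.get_content_disposition() == "attachment":
            needed.add("attachments")
        elif ctype == "text/html":
            needed.add("html")
        elif ctype != "text/plain":
            needed.add("attachments")  # e.g. inline text-as-image parts
    return needed

def evaluate(raw):
    """Return ("accept", set()) or ("reject", missing_permissions)."""
    msg = message_from_string(raw)
    # Assumption: the From header is the lookup key; it is not authenticated here.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    missing = required_permissions(msg) - PERMISSIONS.get(sender, set())
    return ("reject", missing) if missing else ("accept", set())

# Constructed sample messages (not taken from the thread).
PLAIN = "From: Stranger <stranger@example.net>\nSubject: hi\n\nhello\n"
HTML = "From: stranger@example.net\nContent-Type: text/html\n\n<b>offer</b>\n"
ATTACH = (
    "From: {sender}\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b"\n\n'
    "--b\nContent-Type: text/plain\n\nsee attached\n"
    "--b\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="report.bin"\n\nAAAA\n'
    "--b--\n"
)

if __name__ == "__main__":
    for raw in (PLAIN, HTML, ATTACH.format(sender="stranger@example.net"),
                ATTACH.format(sender="alice@example.org")):
        print(evaluate(raw))
```
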


