[Asrg] Re: Consent protocols - was E-postage

David Maxwell <david@vex.net> Fri, 30 April 2004 21:36 UTC

From: David Maxwell <david@vex.net>
To: John Levine <asrg@johnlevine.com>
Cc: asrg@ietf.org
Message-ID: <20040430152420.GN22336@mail>
References: <20040429215730.GK22336@mail> <20040430033434.23084.qmail@xuxa.iecc.com>
In-Reply-To: <20040430033434.23084.qmail@xuxa.iecc.com>
User-Agent: Mutt/1.4.2i
Subject: [Asrg] Re: Consent protocols - was E-postage
Date: Fri, 30 Apr 2004 11:24:20 -0400

On Fri, 30 Apr 2004, John Levine wrote:
> >> f. Sender pretends to be 300 other people and sends you buckets of spam.
> >> 
> >> Bad guys won't play by your rules.
> >
> >That's not an assumption in the example. Sender can't pretend to be a
> >different Src IP.
> 
> The spam senders I know, with their farms of zombies, don't have to
> pretend to be different source IPs, because each zombie has a separate
> IP all of its own.

That's not a problem. Each IP is a new Source; since it has no
reputation, it will be allocated 1msg/h (or whatever your initial
setting is). That means that you're down to 300 spam/h received in your
entire domain.

Now, if you like, add greylisting for unknown senders, so that those 300
msgs won't be accepted on the first try. Then, add a distributed
blacklist which you check your mailqueue against before delivery to
users' inboxes. Application of the blacklist can be part of whatever
other content spam filters the user has.

Now, each zombie can be used roughly once, before it gets into the
blacklist (they probably expire at some point). Spam sent from a
blacklisted zombie won't affect anyone who checks the list.

If you want some feedback to the zombie'd user, add a blacklist check to
your webpage - replace normal content with "This web page can not be
viewed by virus-infected client machines." - and maybe people would have
cause to clean up their PCs.

-- 
David Maxwell, david@vex.net|david@maxwell.net --> Unless you have a solution
when you tell them things like that, most people collapse into a gibbering, 
unthinking mass.  This is the same reason why you probably don't tell your 
boss about everything you read on BugTraq!    - Signal 11


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
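
The layering described in the message above (an hourly allowance for each source IP with no reputation, greylisting of unknown senders, and a blacklist check on the queue before delivery) is sketched here as an added example; it is not code from the original message or from any mail server. The class and function names, the 300-second greylist delay, the burst size and the sample addresses are assumptions made for illustration, and greylisting is keyed on the IP alone rather than on the usual sender/recipient triple.

```python
from collections import defaultdict

class InboundPolicy:
    """Per-source allowance + greylisting + blacklist check before delivery."""

    def __init__(self, initial_per_hour=1, greylist_delay=300):
        self.initial_per_hour = initial_per_hour  # allowance for a source with no reputation
        self.greylist_delay = greylist_delay      # seconds an unknown source must wait
        self.first_seen = {}                      # ip -> time of first attempt
        self.accepted = defaultdict(list)         # ip -> timestamps of accepted mail
        self.queue = []                           # accepted but not yet delivered
        self.blacklist = set()                    # stand-in for a distributed blacklist

    def smtp_attempt(self, ip, msg, now):
        """Return an SMTP-style verdict for one delivery attempt."""
        if ip not in self.first_seen:
            self.first_seen[ip] = now             # unknown source: remember it, defer
            return "451 greylisted"
        if now - self.first_seen[ip] < self.greylist_delay:
            return "451 greylisted"               # retried too soon
        recent = [t for t in self.accepted[ip] if now - t < 3600]
        if len(recent) >= self.initial_per_hour:
            return "451 rate limited"             # hourly allowance used up
        self.accepted[ip] = recent + [now]
        self.queue.append((ip, msg))
        return "250 queued"

    def deliver(self):
        """Flush the queue, dropping mail whose source has since been blacklisted."""
        delivered = [(ip, m) for ip, m in self.queue if ip not in self.blacklist]
        self.queue = []
        return delivered

def simulate(zombies=300, burst=5, listed=200):
    """Each zombie tries once, retries with a burst; some get blacklisted before delivery."""
    policy = InboundPolicy()
    ips = [f"10.0.{i // 250}.{i % 250 + 1}" for i in range(zombies)]  # constructed addresses
    for ip in ips:
        policy.smtp_attempt(ip, "spam", now=0)    # first contact is always deferred
    verdicts = [policy.smtp_attempt(ip, "spam", now=600)
                for ip in ips for _ in range(burst)]
    queued = verdicts.count("250 queued")
    policy.blacklist.update(ips[:listed])         # reported while mail sat in the queue
    return queued, len(policy.deliver())

if __name__ == "__main__":
    print(simulate())
```

With the defaults, 1500 retry attempts from 300 sources put 300 messages in the queue, and only mail from the sources not yet on the blacklist reaches an inbox.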