Re: [Asrg] Email service assumptions and making system-wide changes
Douglas Otis <dotis@mail-abuse.org> Tue, 17 January 2006 17:58 UTC
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Eyv6b-0008Iz-C1; Tue, 17 Jan 2006 12:58:53 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Eyv6a-0008Iu-8W for asrg@megatron.ietf.org; Tue, 17 Jan 2006 12:58:52 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA04913 for <asrg@ietf.org>; Tue, 17 Jan 2006 12:57:27 -0500 (EST)
Received: from b.mail.sonic.net ([64.142.19.5]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EyvEj-0000lO-Sp for asrg@ietf.org; Tue, 17 Jan 2006 13:07:19 -0500
Received: from [168.61.10.151] (SJC-Office-DHCP-151.Mail-Abuse.ORG [168.61.10.151]) (authenticated bits=0) by b.mail.sonic.net (8.13.3/8.13.3) with ESMTP id k0HHwc5q019217 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NO); Tue, 17 Jan 2006 09:58:38 -0800
In-Reply-To: <20060117165316.75475.qmail@simone.iecc.com>
References: <20060117165316.75475.qmail@simone.iecc.com>
Mime-Version: 1.0 (Apple Message framework v746.2)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <4F2F132E-817A-4BAA-8DB7-D6D62D81DBC3@mail-abuse.org>
Content-Transfer-Encoding: 7bit
From: Douglas Otis <dotis@mail-abuse.org>
Subject: Re: [Asrg] Email service assumptions and making system-wide changes
Date: Tue, 17 Jan 2006 09:58:39 -0800
To: John Levine <asrg@johnlevine.com>
X-Mailer: Apple Mail (2.746.2)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: c1c65599517f9ac32519d043c37c5336
Content-Transfer-Encoding: 7bit
Cc: asrg@ietf.org, sethb@panix.com
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/asrg>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
Sender: asrg-bounces@ietf.org
Errors-To: asrg-bounces@ietf.org
On Jan 17, 2006, at 8:53 AM, John Levine wrote: >>> The problem at this point are viral-infected zombie bot armies. >> >> Yes, and when that gets solved, there will be a new problem. >> Remember when the problem was open relays? That's solved, spam is >> still here. > > The move to open relays and zombies tells us that fixed source spam > is dead. Other evidence of that is that there are few enough fixed > source spammers that the tiny volunteer Spamhaus group manages to > keep them under control. The bad thing about the end of fixed > source spam is that seven or eight years ago mail system managers > were reluctant to block IP addresses for sending spam, but now they > do it at the drop of a hat which means that they make a lot of > mistakes along the way. > > It's certainly interesting to ask whether we will ever be able to > lock down the mail system sufficently to make it hard for bad guys > to send spam through unwilling third parties. Considering how much > of the net runs on MS-ware and how unable Microsoft is to make any > progress toward writing secure software, on I'm not holding my > breath. And even if they did, they're hardly the only source of > design errors or implementation bugs. > > See http://www.slate.com/id/2133993/ Indeed Windows behaves like natural rubber where a pin-hole quickly opens into a massive hole. Improving upon the decontamination rate at least directly addresses the situation and should also stem the infection rate. Providers could assist by establishing conventions for including a signed opaque identifier that resolves to an account (perhaps as an extension to DKIM). Rather than blocking providers when the situation becomes pronounced, services are available to direct accounts into obtaining a scrub, where much of this can be automated. Many AV companies already offer this as a free service. On a different note, the products and performance demonstrated at Macworld were impressive. The new notebook seemed a bit warm, but was running 5x faster. It appears that an OS build upon Unix benefits from decades of cross-platform compatibility. Oddly, the one major product still needing an emulator to run was Office. Maybe there is a little light at the end of the tunnel. -Doug _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Re: Bots Frank Ellermann
- [Asrg] Spam, why is it still a problem? Craig Cockburn
- Re: [Asrg] Spam, why is it still a problem? der Mouse
- Re: [Asrg] Spam, why is it still a problem? Tom Petch
- Re: [Asrg] Spam, why is it still a problem? Danny Angus
- Re: [Asrg] Spam, why is it still a problem? Andrew W. Donoho
- Re: [Asrg] Spam, why is it still a problem? Dave Crocker
- [Asrg] Re: Spam, why is it still a problem? Frank Ellermann
- Re: [Asrg] Spam, why is it still a problem? Barry Shein
- RE: [Asrg] Spam, why is it still a problem? Hallam-Baker, Phillip
- Re: [Asrg] Spam, why is it still a problem? Seth Breidbart
- [Asrg] Email service assumptions and making syste… Dave Crocker
- Re: [Asrg] Email service assumptions and making s… Barry Shein
- [Asrg] Re: Email service assumptions and making s… Frank Ellermann
- Re: [Asrg] Email service assumptions and making s… Seth Breidbart
- Re: [Asrg] Email service assumptions and making s… Douglas Otis
- Re: [Asrg] Email service assumptions and making s… Barry Shein
- Re: [Asrg] Email service assumptions and making s… Seth Breidbart
- [Asrg] Re: Spam, why is it still a problem? Stephane Bortzmeyer
- Re: [Asrg] Re: Spam, why is it still a problem? Gadi Evron
- [Asrg] Re: Spam, why is it still a problem? Stephane Bortzmeyer
- Re: [Asrg] Re: Spam, why is it still a problem? Tom Petch
- Bots was Re: [Asrg] Email service assumptions and… Tom Petch
- Re: [Asrg] Email service assumptions and making s… John Levine
- Re: Bots was Re: [Asrg] Email service assumptions… John Levine
- Re: [Asrg] Email service assumptions and making s… Barry Shein
- Re: [Asrg] Email service assumptions and making s… Douglas Otis
- Re: Bots was Re: [Asrg] Email service assumptions… Barry Shein
- [Asrg] Re: Bots Frank Ellermann
- RE: [Asrg] Re: Bots Larry Seltzer
- Re: [Asrg] Re: Bots Douglas Otis
- Re: [Asrg] Re: Bots Seth Breidbart
- [Asrg] Re: Bots Frank Ellermann
- Re: [Asrg] Spam, why is it still a problem? Craig Cockburn
- [Asrg] Re: Bots Frank Ellermann
- Re: [Asrg] Re: Spam, why is it still a problem? Craig Cockburn
- RE: [Asrg] Re: Bots Larry Seltzer
- Re: [Asrg] Re: Bots Gadi Evron
- Re: [Asrg] Re: Spam, why is it still a problem? Douglas Otis
- Re: [Asrg] Spam, why is it still a problem? John Levine
- Re: [Asrg] Spam, why is it still a problem? Craig Cockburn
- Re: [Asrg] Re: Spam, why is it still a problem? Craig Cockburn
- Re: [Asrg] Spam, why is it still a problem? Danny Angus
- Re: [Asrg] Email service assumptions and making s… Danny Angus
- Re: [Asrg] Email service assumptions and making s… Danny Angus
- Re: [Asrg] Spam, why is it still a problem? John Levine
- Re: [Asrg] Spam, why is it still a problem? John Levine
- Re: [Asrg] Email service assumptions and making s… Seth Breidbart
- Re: [Asrg] Spam, why is it still a problem? Craig Cockburn
- Re: [Asrg] Spam, why is it still a problem? Bill Cole
- Re: [Asrg] Spam, why is it still a problem? John Levine
- Re: [Asrg] Spam, why is it still a problem? Barry Shein
- Re: [Asrg] Email service assumptions and making s… Barry Shein
- Re: [Asrg] Email service assumptions and making s… Laird Breyer
- [Asrg] Re: Email service assumptions and making s… Frank Ellermann
- Re: [Asrg] Email service assumptions and making s… Danny Angus
- Re: [Asrg] Spam, why is it still a problem? John Levine
- RE: [Asrg] Re: Spam, why is it still a problem? Wesley Peters
- Re: [Asrg] Spam, why is it still a problem? Dave Crocker
- Re: [Asrg] Email service assumptions and making s… Dave Crocker
- Re: [Asrg] Spam, why is it still a problem? Danny Angus