Re: Yahoo breaks every mailing list in the world including the IETF's

"Fred Baker (fred)" <fred@cisco.com> Mon, 19 May 2014 19:28 UTC

From: "Fred Baker (fred)" <fred@cisco.com>
To: Eric Dynamic <ecsd@transbay.net>
Subject: Re: Yahoo breaks every mailing list in the world including the IETF's
Date: Mon, 19 May 2014 19:28:46 +0000
Message-ID: <AF1F10D2-9143-42BE-9322-90A4995D4F2E@cisco.com>
References: <53752DAC.4090305@transbay.net> <6.2.5.6.2.20140516234651.0b808458@resistor.net> <CAMm+Lwi=eKby_7erZ6=MrwfSAJwt7HewALKHz38dWGp7gvGv+A@mail.gmail.com> <6.2.5.6.2.20140517225044.0bb15010@elandnews.com> <53799704.9070002@transbay.net>
In-Reply-To: <53799704.9070002@transbay.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/jP1dAxr3s0jHJCROVhb6iWEE9sg
Cc: IETF <ietf@ietf.org>

Several people have replied to the tone of your email. Let me reply with a bit of somewhat-technical commentary.

In their defense, Microsoft has taken a pretty strong approach to software quality over the past decade plus. Frankly, poor software quality has hurt them. It is in their interest to fix it for several reasons, not just this one. That is perhaps one of the best arguments for their current campaign to move their users from Windows XP-and-older to their latest operating systems - it reduces their support costs and improves the quality of their brand.

You may be interested in the outcome of a research project run by Stefan Savage of UCSD. In 2007, he broke into the Storm Botnet, and learned a bit about it, which he published in a paper in 2009. In 2010, he put a small quantum of money on a disposable credit card and started responding to spam (“yes, please sell me your little blue pills”), and published a paper about that in 2011. That enabled him to follow the money flow - fourth level attribution, if you will. His work came to the attention of US DOJ, which is now recommending it as an approach to investigating spam-related crime, and to the Microsoft Digital Crimes Unit, which has been using legal proceedings against the folks who pay botmasters for their craft, with deadly effectiveness.

I think it’s fair to say, from Microsoft’s actions, that they agree that getting their old software off the net would be a good thing. They want their customers to upgrade to their new-and-presumably-improved software, and are proactively dealing with the business side of spam.

On May 18, 2014, at 10:30 PM, Eric Dynamic <ecsd@transbay.net> wrote:

> Meanwhile I notice that hundreds of IT professionals spin their wheels over
> standards and practices for dealing with spam, which is otherwise preventable,
> namely, let's cut the crap and go to first causes: why there is spam/crime to
> the extent that there is: bad software running user PCs worldwide.
> 
> Get rid of Microsoft software connected to the Internet and the worldwide
> "bot-net" problem will go away in a few months, as the criminal bots are
> tracked down and eliminated but NOT replaced.
> 
> Do not even begin to bother the issue of whether Unix/Linux can or cannot be
> invaded/compromised. Yes, it can, but to at most four orders of magnitude a
> lesser extent. Microsoft's mean time to the next exploit is 15 days (two weeks.)
> Unix's mean time to the next exploit is 2700 days (7.5 years.)
> Microsoft users are just recovering from any given virus when the next one hits.
> 
> There is just no excuse to keep using such awful software and then have to
> pretend that all the extra attendant nonsense ("anti-spamscience") is meaningful
> and necessary. I suggest we worldwide quit wasting man-hours and intelligence
> doing scutwork on an arms-race basis to keep Bill Gates's company looking
> at best adequate. The spam is their fault and they can't fix the reasons why.
> 
> So put their code in the garbage where it belongs and retire Microsoft into
> the Dustbin of History where it belonged 20 years ago.
> 
> This will free an enormous amount of now-wasted manpower to start doing more
> useful things. This would also greatly benefit the economy and the development
> of new PC technology, by the way, without regard to spam/crime.
> 
> ===
> 
> S Moonesamy wrote:
>> 
>> Hi Phillip, 
>> At 10:04 17-05-2014, Phillip Hallam-Baker wrote: 
>>> Yet more special pleading. 
>> 
>> [snip] 
>> 
>>> A legitimate argument against DMARC would be 'Here is a research study 
>>> based on empirical evidence that shows DMARC does not help', it might
>>> not be persuasive but it would be a valid argument to have. I am 
>> 
>> Yes. 
>> 
>>> I find the arguments that IETF should ignore the impact of DMARC 
>>> unpersuasive. We have changed email repeatedly in response to non 
>>> standards compliant actions taken by the spam senders. So there is a 
>>> precedent for responding to malicious actions, why would we treat 
>>> non-malicious actions differently? 
>> 
>> The significant change I can think of is the MSA/MTA split.  That was in 1998.  There is a specification violation in response to a DMARC policy as implementers do have to decide whether to provide a fix or ignore the issue.  There are also operational issues, e.g. http://www.it.cornell.edu/services/guides/email/issues.cfm  Should the IETF ignore the impact of all this?  Frankly, I don't know.  It is a significant amount of work to assess how much of a problem this is. 
>> 
>> Regards, 
>> S. Moonesamy
>