Re: Update on mail bombing threats--not so funny
From: alex () relcom EU net
Date: Fri, 10 Jan 97 14:38:54 +0300
Sorry, but what are you doing with the uninteresting adv. shits
in your usual mail-box? I find daily 2 / 3 such papers, and I prefer
to throw them into my wastebasket instead of writing a lot of
complaints... Sometimes I find something interesting, anyway.
Except some cases of the massive SPAM it's a better choice.
Just now I see inadequate behaviour of some network administrators
when 1 (_ONE_) unnecessary message causes 10 / 20 messages (written by this administrator)
complaining about this advertisement (you are naming it _spam_). This causes
us much more trouble than a simple 'D' (or 'REMOVE') command.
There is no use to attempt to find legal fixes for massive spam and other
flooding attacks. The spam sources will simply move out of U.S.
and will start loading international circuits with their crap.
I.e. the legal cure will only make spam even more annoying, but won't
Why won't we concentrate on doing technical solutions? Fortunately,
it is relatively easy to get rid of the flooding attacks by reducing
their effectiveness to nothing.
The solution is source address filtering at edges, to relieve attackers
from the benefit of forged source addresses, and reverse lookup
authentication in MTAs -- just do not accept any mail coming from an
invalid source address, or source address not corresponding to what
is in Sender, Reply-To or From field.
That will arguably break some setups (for example, when outgoing mail
leaves hosts directly, but return mail comes thru a centralized server);
but that can be fixed.
That scheme is obviously not bullet-proof, but neither are locks on the
doors. They do deter crime, though.
BTW, the e-mail sender address authentication would also do wonders for
the non-flooding variety of spammers -- getting tons of angry mail from the
targets of the spam does have some effect. Also, it gives ISPs the ability
to identify abusers, and create a black list of people not to have any
business with, and a legitimate reason to refuse service to them.
There's a historical precedent in doing source address authentication
which initially broke service for a lot of people, but ultimately made
the Internet a saner place -- the FTP archive at UUNET at some time started
requiring that reverse DNS lookups should provide correct names.
Oops -- nobody with broken reverse zones could access it.
Now, the question is how to make people actually implement it. I guess
the big providers should consider it in their best interest -- or they'll
eventually get politicians and lawyers on their heads.
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
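
An added example, not part of the original message: a sketch of the MTA-side check described above, where the connecting address must pass a forward-confirmed reverse lookup and the resulting host name must fall under the domains in Sender, Reply-To and From. The DNS tables are constructed data on documentation address ranges, and the function names and the "every header domain must match" policy are assumptions of this sketch.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Constructed DNS data so the example runs offline (not real records).
PTR = {"192.0.2.25": "mail.example.org",
       "198.51.100.7": "dialup7.example.net",
       "203.0.113.9": "mx.forged.example"}
A = {"mail.example.org": {"192.0.2.25"},
     "dialup7.example.net": {"198.51.100.7"},
     "mx.forged.example": {"203.0.113.200"}}   # forward does not confirm

def fcrdns(ip, ptr=PTR, a=A):
    """Return the PTR name only if its forward lookup contains ip."""
    ipaddress.ip_address(ip)                   # ValueError on malformed input
    name = ptr.get(ip)
    if name and ip in a.get(name, ()):
        return name.lower().rstrip(".")
    return None

def header_domains(raw):
    """Collect the domains named in Sender, Reply-To and From."""
    msg = message_from_string(raw)
    fields = []
    for h in ("Sender", "Reply-To", "From"):
        fields += msg.get_all(h, [])
    return {addr.rsplit("@", 1)[1].lower()
            for _, addr in getaddresses(fields) if "@" in addr}

def check(ip, raw):
    """Accept/reject decision for one message from one connecting address."""
    host = fcrdns(ip)
    if host is None:
        return "reject: no valid reverse DNS for " + ip
    domains = header_domains(raw)
    # Assumed policy: the confirmed host must sit under every header domain.
    bad = sorted(d for d in domains
                 if not (host == d or host.endswith("." + d)))
    if not domains or bad:
        return "reject: %s does not correspond to %s" % (
            host, ", ".join(bad) or "any sender header")
    return "accept"

if __name__ == "__main__":
    # Constructed messages, including the direct-from-host setup the post says will break.
    print(check("192.0.2.25", "From: Alice <alice@example.org>\n\nhi\n"))
    print(check("198.51.100.7", "From: bob@example.com\n\nhi\n"))
    print(check("203.0.113.9", "From: x@forged.example\n\nhi\n"))
```

The second call shows the breakage the message anticipates: a host sending directly while its users' addresses live on another domain is rejected until its setup is changed.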