On 16/10/09 07:56 -0400, Rich Kulawiec wrote:
>If you're relaying spam, then it's [in part] *your* spam. Everyone involved
>in propagating and supporting abuse has to take a share of the blame:
>the spammer who paid for it, the botnet operator who generated it, the
>user who allowed their system to be hijacked, the network operator
>who transited the traffic, the mail system operator who relayed the message,
>the web site hoster providing services, everyone. Nobody gets a pass.
>Nobody gets to evade their share of responsibility.

So if I have a customer on Facebook that sends sPaM to another Facebook user
(that happens to be using AOL), do I or AOL get the blame? No, even though we
blindly relayed that message.

>> SMTP needs to go away, and be replaced by something that resembles
>> end-to-end messaging passing, rather than the horrible touchy feely
>> pseudo-chain-of-trust that it is today.
>
>And even if it did, that would do absolutely nothing to solve the problem
>we currently face (i.e. 100M+ zombies): it'd just shift it to another
>protocol. And while SMTP abuse is one of the more visible external
>symptoms of the underlying security problem, it's by no means the
>only one and probably not even the most important, given that we
>developed quite effective defenses against it years ago.

I'm proposing a little more thinking outside the box here. SMTP does need to
go away, and be replaced by something better: Something that does not
inherently suffer from the problems of SMTP today, but is based on something
with better two-way trust.

If I have a friend that gets caught up in a 100M+ zombie attack, then I'll
just suspend my trust with that friend until he gets his act together. I'll
probably get one SpAm from him, maybe two, before I get the idea. I should not
be concerned about the other 99,999,999 other zombies.

--
Dan White
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.