Tony,
--On 17 February 2004 17:27 -0800 Tony Hain [EMAIL PROTECTED] wrote:
Clearly I misinterpreted your comments; sorry for reading other parts of
the thread into your intent. The bottom line is the lack of a -scalable-
trust infrastructure. You are arguing here that the technically inclined
* No authentication scheme
Bang on!
People do, however, use it because there
currently is no realistic widely deployed alternative available. Those
that are currently available (e.g. SPF) are not widely deployed, and
in any case are far from perfect. Whilst we have no hammer, people will
On Wed, 18 Feb 2004 10:08:25 +1300, Don Gould [EMAIL PROTECTED] said:
The RFC for mail was very well designed. If people simply stuck to the
original RFC (~800 something) and managed more of their own small systems
then this spam thing just wouldn't be the problem that it has become...
would
Folks,
TH If you insist on restricting the service to a small set of 'approved'
TH applications, people will simply encapsulate what they really want to do in
TH the approved service and you will lose visibility.
A small elaboration:
You will make life intolerable for the average user -- ie,
Dave Crocker wrote:
Folks,
TH If you insist on restricting the service to a small set of 'approved'
TH applications, people will simply encapsulate what they really want to do in
TH the approved service and you will lose visibility.
A small elaboration:
You will make life
I think that the registration oriented authentication mechanisms (spf,
rmx, lmap, etc.) can be useful only when the authenticator is the
hosting network provider, rather than a message author.
I think widespread use of SPF will gut the major sources of spam.
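An added example, not code from the thread or from any SPF implementation: a minimal evaluator for the DNS-free part of an SPF record (the ip4, ip6 and all mechanisms with their four qualifiers), using the result names later fixed in RFC 7208. The record below is constructed for a hypothetical hosting provider; it illustrates the point made above that the provider, not the message author, is the party that can usefully publish the list of outbound relays. Mechanisms that need a DNS lookup (a, mx, include, exists, ptr, redirect) are reported as unsupported rather than guessed.

```python
import ipaddress

# Constructed record for a hypothetical hosting provider: the provider lists
# the outbound relays it operates and rejects everything else.
EXAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
NEEDS_DNS = {"a", "mx", "include", "exists", "ptr", "redirect"}


def parse_spf(record):
    """Split a TXT record into (qualifier, mechanism, argument) triples.

    Raises ValueError if the record is not an spf1 record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an spf1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # an unqualified mechanism means "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if "=" in name:                      # modifier such as redirect=... or exp=...
            name, _, arg = name.partition("=")
        parsed.append((qualifier, name.lower(), arg))
    return parsed


def check_host(ip, record):
    """Evaluate ip against record using only ip4/ip6/all.

    Returns pass, fail, softfail or neutral; 'permerror' for a malformed
    record; or 'unsupported:<mechanism>' when a DNS lookup would be needed."""
    try:
        client = ipaddress.ip_address(ip)
        terms = parse_spf(record)
    except ValueError:
        return "permerror"
    for qualifier, name, arg in terms:
        if name == "all":
            return QUALIFIER_RESULT[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if (name == "ip4") != (net.version == 4):
                return "permerror"           # ip4: with an IPv6 argument or vice versa
            if client in net:                # membership across families is simply False
                return QUALIFIER_RESULT[qualifier]
            continue
        if name == "exp":
            continue                         # explanation text does not affect the result
        if name in NEEDS_DNS:
            return "unsupported:" + name
        return "permerror"                   # unknown mechanism
    return "neutral"                         # no mechanism matched (RFC 7208 section 4.7)
```

The evaluator stops at the first matching mechanism, which is why "-all" must come last: a record of "v=spf1 -all ip4:192.0.2.0/24" fails everything. Note also that a pass only says the connecting address is one the domain's owner vouches for; it says nothing about whether the mail is wanted.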
The problem with spam proxies
Guðbjörn,
I think that the registration oriented authentication mechanisms (spf,
rmx, lmap, etc.) can be useful only when the authenticator is the
hosting network provider, rather than a message author.
GSH I think widespread use of SPF will gut the major sources of spam.
Well, it will gut
I think that the registration oriented authentication mechanisms (spf,
rmx, lmap, etc.) can be useful only when the authenticator is the
hosting network provider, rather than a message author.
GSH I think widespread use of SPF will gut the major sources of spam.
Well, it will gut a
On Wed, 18 Feb 2004 13:06:05 -0500, [EMAIL PROTECTED] wrote:
Any real solution is going to have to deal with the fact that properly
administered systems are in the distinct minority.
You shut the mal-administered systems off from the internet until they
are no longer a threat to the internet,
On Tue, 17 Feb 2004, Alex Bligh wrote:
they in turn chose to trust. Take BGP (by which I mean eBGP) as the case in
point: [...] The trust relationship is
important, [...]. BGP allows me (in commonly deployed form) to run a relatively
secure protocol between peers, and deploy (almost)
Subject: Re: Anti-spam System Idea
Timothy R. McKee wrote:
There will *never* be a concerted action by all service providers to
filter ingress/egress on abused ports unless there is a legal
requirement to do so. Think 'level playing field'...
Hasn't it been stated enough times
Subject: RE: Anti-spam System Idea
Personally I don't see where ingress filters that only allow registered
SMTP servers to initiate TCP connections on port 25 is irresponsible.
Any user sophisticated enough to legitimately require a running SMTP server
should also have the sophistication
In message [EMAIL PROTECTED], Tony Hain writes:
The Internet has value because it allows arbitrary interactions where new
applications can be developed and fostered. The centrally controlled model
would have prevented IM, web, sip applications, etc. from ever being
deployed. If there are any
In message [EMAIL PROTECTED], Tony Hain writes:
The Internet has value because it allows arbitrary interactions where new
applications can be developed and fostered. The centrally controlled model
would have prevented IM, web, sip applications, etc. from ever being
deployed. If there are
The Internet has value because it allows arbitrary interactions where new
applications can be developed and fostered. The centrally controlled model
would have prevented IM, web, sip applications, etc. from ever being
deployed. If there are any operators out there who still understand the
In message [EMAIL PROTECTED], Tony Hain writes:
The Internet has value because it allows arbitrary interactions where new
applications can be developed and fostered. The centrally controlled model
would have prevented IM, web, sip applications, etc. from ever being
deployed. If there are
--On 17 February 2004 12:17 -0800 Tony Hain [EMAIL PROTECTED] wrote:
[with apologies for rearrangement]
The Internet has value because it allows arbitrary interactions where new
applications can be developed and fostered. The centrally controlled model
would have prevented IM, web, sip
: Alex Bligh
Subject: Re: Clueless service restrictions (was RE: Anti-spam System Idea)
The real problem here is that there are TWO problems which interact.
It is a specific case of the following general problem:
* A desire for any to any end to end connectivity using the
protocol concerned
--On 17 February 2004 16:10 -0600 Chen, Weijing
[EMAIL PROTECTED] wrote:
Sound like an any to any end to end signaling/control mechanism with
authentication capabilities. Smell fishy (packet version of dial tone?)
Since when had dialtone got end-to-end signalling/control? My POTS line
doesn't
, Weijing; [EMAIL PROTECTED]
Cc: Alex Bligh
Subject: RE: Clueless service restrictions (was RE: Anti-spam System Idea)
--On 17 February 2004 16:10 -0600 Chen, Weijing
[EMAIL PROTECTED] wrote:
Sound like an any to any end to end signaling/control mechanism with
authentication capabilities
Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], Tony Hain writes:
The Internet has value because it allows arbitrary interactions where new
applications can be developed and fostered. The centrally controlled model
would have prevented IM, web, sip applications, etc. from ever being
Randy Bush [EMAIL PROTECTED] writes:
and, if you want to see a particularly broken example, buy internet
service from t-mobile gprs in the states, port 22 blocked, no smtp
relay, ... walled garden mentality from the get go.
Strangely enough, the only complaints I've heard about t-mob GPRS
On Tue, 17 Feb 2004 21:48:18 +
Alex Bligh [EMAIL PROTECTED] wrote:
a) Some forms of filtering, which do occasionally prevent the customer
from using their target application, are in general good, as the
operational (see, on topic) impact of *not* applying tends to be
worse than
In the immortal words of Robert E. Seastrom ([EMAIL PROTECTED]):
Randy Bush [EMAIL PROTECTED] writes:
and, if you want to see a particularly broken example, buy internet
service from t-mobile gprs in the states, port 22 blocked, no smtp
relay, ... walled garden mentality from the get
and, if you want to see a particularly broken example, buy internet
service from t-mobile gprs in the states, port 22 blocked, no smtp
relay, ... walled garden mentality from the get go.
The ssh client for the Danger Sidekick is extremely popular, and I
don't think it would be if the
Steve,
--On 17 February 2004 17:28 -0500 Steven M. Bellovin
[EMAIL PROTECTED] wrote:
In almost all circumstances, authentication is useful for one of two
things: authorization or retribution. But who says you need
authorization to send email? Authorized by whom? On what criteria?
Authorized
On 17 Feb 2004, Robert E. Seastrom wrote:
Randy Bush [EMAIL PROTECTED] writes:
and, if you want to see a particularly broken example, buy internet
service from t-mobile gprs in the states, port 22 blocked, no smtp relay,
... walled garden mentality from the get go.
Strangely enough,
Alex Bligh wrote:
Steve,
--On 17 February 2004 17:28 -0500 Steven M. Bellovin
[EMAIL PROTECTED] wrote:
In almost all circumstances, authentication is useful for one of two
things: authorization or retribution. But who says you need
authorization to send email? Authorized by whom?
--On 17 February 2004 16:19 -0800 Tony Hain [EMAIL PROTECTED] wrote:
Where they specifically form a club and agree to preclude the basement
multi-homed site from participating through prefix length filters. This
is exactly like the thread comments about preventing consumers from
running
17, 2004 4:48 PM
To: Tony Hain; 'Steven M. Bellovin'
Cc: [EMAIL PROTECTED]; Alex Bligh
Subject: RE: Clueless service restrictions (was RE: Anti-spam System Idea)
--On 17 February 2004 16:19 -0800 Tony Hain [EMAIL PROTECTED] wrote:
Where they specifically form a club and agree
On Tue, 17 Feb 2004, Stephen J. Wilcox wrote:
On 17 Feb 2004, Robert E. Seastrom wrote:
Randy Bush [EMAIL PROTECTED] writes:
and, if you want to see a particularly broken example, buy internet
service from t-mobile gprs in the states, port 22 blocked, no smtp relay,
...
If these exist then why are we still having problems? Why do we let
customers who have been infected flood the networks with traffic as they
do?
Someone sent me a message on Friday with a Dijkstra quote that
sums it all up...
It is impossible to sharpen a pencil with a blunt axe. It is equally
To me, the approach you advocate is something like saying do away with any centralized
law enforcement, force everyone to carry guns, and if anyone suspects that someone
else is committing a crime, they are obliged to shoot them. I believe that blocking
spam at its source is far easier than
On Sun, 15 Feb 2004 22:00:08 -0600
Stephen Sprunk [EMAIL PROTECTED] wrote:
This topic has been consistently ruled off-topic for NANOG by Merit's staff.
Please respect those of us who don't want to hear about spam here.
For those interested, the IRTF's ASRG is actively studying anti-spam
The problem is not as much actual open relays (which are now rare and
almost universally blocked) but open proxies
We have come up with some terms to clarify types of open proxies:
*Naturally occurring* open proxy/relay:
System on which the owner has intentionally installed a mail or proxy
On 2004-02-15T20:43-0500, Jon R. Kibler wrote:
) [EMAIL PROTECTED] wrote:
) On Sun, 15 Feb 2004 [EMAIL PROTECTED] wrote:
) If we block outbound port 25 SYN packets from origin addresses in the DHCP
) address blocks, we solve the problem for everybody.
) EXACTLY correct!
Not quite exactly,
Lawrence Baldwin noted:
#Personally, I think the better approach to fighting proxy spam is to
#identify the spammers that are *upstream* from the proxies and then get one
#or more of them thrown in jail, not for spamming, but for violating federal
#or state computer intrusion laws. Spammers are
* [EMAIL PROTECTED] (Lawrence Baldwin) [Mon 16 Feb 2004, 16:17 CET]:
DHCP, though technically dynamic addressing, is far less of a problem as
IP addresses do NOT typically change very often...remember DHCP leases
are renewed automatically by the client when the lease is 50% to
expiration.
Many
Christopher L. Morrow wrote:
SNIP!
There was never any central control/enforcement for the Internet, and time
and again Governments have been shown that its next to impossible to BE
that central enforcer...
SNIP!
I am NOT advocating government regulation or policing of the Internet. Rather,
On Mon, 16 Feb 2004, Jon R. Kibler wrote:
Christopher L. Morrow wrote:
SNIP!
There was never any central control/enforcement for the Internet, and time
and again Governments have been shown that its next to impossible to BE
that central enforcer...
SNIP!
I am NOT advocating
At 02:11 PM 2/16/2004 -0500, Jon R. Kibler wrote:
Christopher L. Morrow wrote:
SNIP!
There was never any central control/enforcement for the Internet, and time
and again Governments have been shown that its next to impossible to BE
that central enforcer...
SNIP!
I am NOT advocating government
I've spent many years in the industry... It comes down to this:
a) Being proactive costs money. Whether it be in the form of additional
engineering/operations time or beefier routers doesn't matter. No
management type will *ALLOW* the technical folks to expend resources
unless there is either
Timothy R. McKee wrote:
There will *never* be a concerted action by all service providers to
filter ingress/egress on abused ports unless there is a legal requirement
to do so. Think 'level playing field'...
Hasn't it been stated enough times previously that blindly blocking
ports is
To: Timothy R. McKee
Cc: 'J Bacher'; [EMAIL PROTECTED]
Subject: Re: Anti-spam System Idea
Timothy R. McKee wrote:
There will *never* be a concerted action by all service providers to
filter ingress/egress on abused ports unless there is a legal
requirement to do so. Think 'level playing field
On Sat, 14 Feb 2004 18:24:17 PST, Tim Thorpe [EMAIL PROTECTED] said:
Getting a bit long, I like it :D.
What would be a netops general response to scans of this nature?
What's *your* netop's response to all the idiot-with-firewalls replies to your scan?
Then go and read
[EMAIL PROTECTED] wrote:
On Sat, 14 Feb 2004, Tim Thorpe wrote:
If these exist then why are we still having problems?
Because the spammers are creating proxies faster than any of the anti-spam
people can find them. Evidence suggests, at least on the order of 10,000
new spam proxies
On Sun, 15 Feb 2004, Jon R. Kibler wrote:
We find that at least 85% of all spam originates from DHCP addresses. Thus, if
a significant number of ISPs would perform port 25 egress filtering, I believe
that it would significantly reduce spam, and force criminal spammers to develop
completely
On Sun, 15 Feb 2004 16:40:40 EST, Sean Donelan said:
DialUp Lists (DUL) DNS block lists permit you to ignore e-mail from
many dynamic IP addresses. You can configure your mail server to do this
today without waiting for ISPs to do anything.
If we advertise the DHCP pools for AS1312 in a DUL,
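The receiving-side check described above, as an added example that is not code from the thread or from any DNSBL operator: a DUL is an ordinary DNS zone, queried by reversing the octets of the connecting address and appending the zone name, and a listing is signalled by an A record in 127.0.0.0/8. The zone name dul.example, the constructed zone data and the meaning of the 127.0.0.x codes are all assumptions made for this example; real zones document their own codes. The resolver is a dictionary so the code runs offline; in production the lookup is a normal A query.

```python
import ipaddress

DUL_ZONE = "dul.example"   # hypothetical zone; real DULs have their own names

# Constructed zone data standing in for the DNS. Listing codes are conventional
# 127.0.0.x addresses; the 127.0.0.2 entry under 2.0.0.127 is the test record
# RFC 5782 asks every DNSBL to publish.
CONSTRUCTED_ZONE = {
    "2.0.0.127.dul.example": "127.0.0.2",
    "8.100.51.198.dul.example": "127.0.0.3",   # 198.51.100.8, a constructed dynamic address
    "20.2.0.192.dul.example": "127.0.0.3",     # 192.0.2.20
}


def constructed_resolver(name):
    """Stand-in for an A-record query; None plays the role of NXDOMAIN."""
    return CONSTRUCTED_ZONE.get(name)


def parked_resolver(name):
    """Models a lapsed DNSBL domain re-registered with a wildcard A record."""
    return "203.0.113.1"


def dnsbl_name(ip, zone):
    """198.51.100.8 in dul.example is queried as 8.100.51.198.dul.example."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dnsbl_lookup(ip, zone, resolve):
    """Return the listing code for ip, or None if it is not listed.

    Answers outside 127.0.0.0/8 are ignored: a zone that has been parked with
    a wildcard record would otherwise list every address on the Internet."""
    answer = resolve(dnsbl_name(ip, zone))
    if answer is None:
        return None
    code = ipaddress.IPv4Address(answer)
    if code not in ipaddress.IPv4Network("127.0.0.0/8"):
        return None
    return str(code)


def zone_is_sane(zone, resolve):
    """RFC 5782 check before trusting a zone: 127.0.0.2 listed, 127.0.0.1 not."""
    return (dnsbl_lookup("127.0.0.2", zone, resolve) is not None
            and dnsbl_lookup("127.0.0.1", zone, resolve) is None)


def connect_policy(client_ip, zone, resolve):
    """Decision for one inbound SMTP connection: ('accept'|'reject', reason)."""
    if not zone_is_sane(zone, resolve):
        return ("accept", "zone %s failed its sanity check; not consulted" % zone)
    code = dnsbl_lookup(client_ip, zone, resolve)
    if code is None:
        return ("accept", "%s not listed in %s" % (client_ip, zone))
    return ("reject", "550 5.7.1 %s is a dynamic address listed in %s (%s)"
            % (client_ip, zone, code))
```

The sanity check is the part practitioners most often skip: a DUL that stops being maintained and is later parked with a wildcard answers "listed" for every query, and a server that trusts it blindly stops accepting mail. The thread's other caveat applies too: a DUL only catches what its operator has listed, which is why the broadband ranges discussed below are the gap.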
On Sun, 15 Feb 2004 [EMAIL PROTECTED] wrote:
If we advertise the DHCP pools for AS1312 in a DUL, we solve the problem for
those sites that use the DUL we list them in.
If we block outbound port 25 SYN packets from origin addresses in the DHCP
address blocks, we solve the problem for
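The sending-side filter proposed above, as an added example that is not code from the thread or from any vendor's filter: the decision an access router would make per packet, written out in Python so it can be run against constructed packets. The address plan (documentation prefixes), the registered-MTA exemption and the exemption for the ISP's own relay are assumptions; the last two are what keep the filter from breaking the customers who legitimately run a server or who submit mail to the ISP's smarthost on port 25.

```python
import ipaddress

# Constructed address plan (documentation prefixes), not from the thread.
DYNAMIC_POOLS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/25")]
REGISTERED_SMTP = {ipaddress.ip_address("198.51.100.77")}   # customer who asked to run an MTA
ISP_RELAYS = {ipaddress.ip_address("192.0.2.25")}            # the ISP's own smarthost

TCP_SYN, TCP_ACK = 0x02, 0x10
SMTP_PORT, SUBMISSION_PORT = 25, 587


def egress_decision(src, dst, proto, dport, flags):
    """Return 'drop' or 'accept' for one packet leaving the access network.

    Only the first packet of a new TCP connection to port 25 is examined, so
    port 587 submission, replies to inbound connections and all other traffic
    pass untouched."""
    if proto != "tcp" or dport != SMTP_PORT:
        return "accept"
    if not (flags & TCP_SYN) or (flags & TCP_ACK):
        return "accept"                      # not a connection attempt
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not any(src_ip in pool for pool in DYNAMIC_POOLS):
        return "accept"                      # static or business space is out of scope
    if dst_ip in ISP_RELAYS:
        return "accept"                      # customers may still submit via the ISP relay
    if src_ip in REGISTERED_SMTP:
        return "accept"                      # explicitly registered mail server
    return "drop"


# Constructed sample traffic: (src, dst, proto, dport, tcp flags).
CONSTRUCTED_PACKETS = [
    ("198.51.100.8", "192.0.2.25", "tcp", 25, TCP_SYN),              # customer -> ISP relay
    ("198.51.100.8", "203.0.113.200", "tcp", 25, TCP_SYN),           # infected host -> some MX
    ("198.51.100.77", "203.0.113.200", "tcp", 25, TCP_SYN),          # registered MTA
    ("198.51.100.8", "203.0.113.200", "tcp", SUBMISSION_PORT, TCP_SYN),  # authenticated submission
    ("203.0.113.9", "203.0.113.200", "tcp", 25, TCP_SYN),            # second pool, same abuse
    ("192.0.2.100", "203.0.113.200", "tcp", 25, TCP_SYN),            # static space, not filtered
    ("198.51.100.8", "203.0.113.200", "udp", 25, 0),                 # not TCP at all
]


def apply_filter(packets):
    """Count accept/drop decisions over a packet list."""
    counts = {"accept": 0, "drop": 0}
    for packet in packets:
        counts[egress_decision(*packet)] += 1
    return counts


if __name__ == "__main__":
    for packet in CONSTRUCTED_PACKETS:
        print(egress_decision(*packet), packet)
    print(apply_filter(CONSTRUCTED_PACKETS))
```

Matching only SYN without ACK is what makes this an egress filter on new connections rather than a blanket port block: a customer whose own port 25 is reached from outside still sends its SYN/ACK back out. Whether the filter is worth its support cost is the argument the rest of the thread is having; the code only shows what is being argued about.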
On Sun, 15 Feb 2004 [EMAIL PROTECTED] wrote:
DialUp Lists (DUL) DNS block lists permit you to ignore e-mail from
many dynamic IP addresses. You can configure your mail server to do this
today without waiting for ISPs to do anything.
If we advertise the DHCP pools for AS1312 in a DUL, we
On Sun, 15 Feb 2004 17:46:05 EST, Sean Donelan said:
What if I told you about a method to identify the type of connection for
every IP address in our DNS? You don't need to rely on third-party DUL
lists.
Hmm.. color me dubious, but keep talking. Best bet here would probably be
some
Sean Donelan wrote:
DialUp Lists (DUL) DNS block lists permit you to ignore e-mail from
many dynamic IP addresses. You can configure your mail server to do this
today without waiting for ISPs to do anything.
Like most other simple solutions, how effective is it?
We block known dialup
On Sun, 15 Feb 2004, Jon R. Kibler wrote:
DialUp Lists (DUL) DNS block lists permit you to ignore e-mail from
many dynamic IP addresses. You can configure your mail server to do this
today without waiting for ISPs to do anything.
Like most other simple solutions, how effective is it?
Sean Donelan wrote:
On Sun, 15 Feb 2004, Jon R. Kibler wrote:
We block known dialup netblks. Catches 5% of spam. Why? Because the real
culprits are xDSL, CABLE and other systems with broadband connections. These
account for about 80% of the spam attempts we observe.
Why don't you
[EMAIL PROTECTED] wrote:
On Sun, 15 Feb 2004 [EMAIL PROTECTED] wrote:
snip!
If we block outbound port 25 SYN packets from origin addresses in the DHCP
address blocks, we solve the problem for everybody.
EXACTLY correct!
No...you just speed up the migration (which has already begun)
On Sun, 15 Feb 2004, Jon R. Kibler wrote:
To me, the approach you advocate is something like saying do away with any centralized
law enforcement, force everyone to carry guns, and if anyone suspects that someone
else is committing a crime, they are obliged to shoot them. I believe that
On Sun, 15 Feb 2004, Jon R. Kibler wrote:
OK, I was sloppy in my wording... I should have said that we block
published dynamic netblks, including dial, cable, xDSL, and wireless.
That still catches something less than 5% of spam originating from DHCP
connections.
Then it sounds like you have
I have a different idea about how spam could be dealt with, which I have yet
to see proposed or discussed on Nanog. Everything suggested is always a
technical patch trying to deal with the fact that spammers can make a lot of
money. And, regardless of the patch you apply, they will find a way
On Sun, 15 Feb 2004, Sean Donelan wrote:
Most ISPs prohibit any type of server on a DHCP connection?
Some cable providers do this due to some limitations in their network
architecture, but I would be surprised if most (i.e. more than 50%) ISPs
prohibit servers. Why do you think DynDNS type
This topic has been consistently ruled off-topic for NANOG by Merit's staff.
Please respect those of us who don't want to hear about spam here.
For those interested, the IRTF's ASRG is actively studying anti-spam
techniques and I'm sure they'd be interested in hearing all of your ideas
(after
On Sun, 15 Feb 2004 22:00:08 CST, Stephen Sprunk said:
For those interested, the IRTF's ASRG is actively studying anti-spam
techniques and I'm sure they'd be interested in hearing all of your ideas
(after you verify they haven't been tried before).
http://www.irtf.org/charters/asrg.html
Also
Tim Thorpe wrote:
Seeing as this system would directly impact network operators (the NO in
naNOg) I must disagree.
Go right ahead and disagree, however:
http://www.nanog.org/listfaq.html
If Merit's staff feels otherwise then I sincerely apologize and will of
course move the discussion, I will
To: 'Tim Thorpe'
Subject: RE: Anti-spam System Idea
Hi, Tim.
A couple of the RBL (real-time black hole listing, in case
you're not already familiar with them) providers already do
something like this. SORBS and NJABL stick out in my mind as
examples. Is there something about
There are several groups working on identifying open relays, proxies, etc
and creating lists of such ips for active blocking. For example see
http://www.spamhaus.org/xbl/index.lasso
The problem is not as much actual open relays (which are now rare and
almost universally blocked) but open
Tim Thorpe wrote:
95% of spam comes through relays and its headers are forged; tracking an
e-mail back that you've received is becoming next to impossible, it's also
very time consuming, and why waste your time on scumbags?
I don't think open relays are that big a part of the picture anymore.
The
It just doesn't work :( A few years ago I developed a sendmail
milter system that would perform an open relay test on all new
IPs that attempted to send mail to or through our server. If
the test failed (open relay), the mail was rejected before it
was even sent. If the test passed, the mail was
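The probe such a milter would run, as an added example that is neither the poster's milter nor code from the thread. It speaks HELO, MAIL FROM and RCPT TO for a recipient in a domain the tested host does not serve and reads the RCPT reply; DATA is never sent, so nothing is relayed even when the host turns out to be open. The addresses, host names and the in-process FakeSMTPServer are constructed so the code runs offline; SocketTransport shows the same probe over a real TCP connection and is not exercised here. The connect-time decision caches one verdict per IP and does not penalise hosts that cannot be probed at all.

```python
import socket

PROBE_SENDER = "relaytest@probe.example"          # assumed probe addresses
PROBE_RECIPIENT = "relaytest@elsewhere.example"   # a domain the tested host must not accept for


class SocketTransport:
    """Line-oriented wrapper around a real TCP connection (not used by the tests)."""
    def __init__(self, host, port=25, timeout=10):
        self.sock = socket.create_connection((host, port), timeout=timeout)
        self.rfile = self.sock.makefile("rb")
    def readline(self):
        return self.rfile.readline().decode("latin-1").rstrip("\r\n")
    def sendline(self, line):
        self.sock.sendall((line + "\r\n").encode("latin-1"))
    def close(self):
        self.sock.close()


class FakeSMTPServer:
    """In-process stand-in for a remote MTA, constructed for this example."""
    def __init__(self, local_domain, open_relay):
        self.local_domain, self.open_relay = local_domain, open_relay
        self.queue = ["220 mx.example ESMTP"]   # replies waiting to be read
        self.transcript = []                     # every command the probe sent
    def readline(self):
        return self.queue.pop(0)
    def sendline(self, line):
        self.transcript.append(line)
        verb = line.split(":", 1)[0].split(" ")[0].upper()
        if verb in ("HELO", "EHLO"):
            self.queue.append("250 mx.example")
        elif verb == "MAIL":
            self.queue.append("250 2.1.0 OK")
        elif verb == "RCPT":
            rcpt = line.split(":", 1)[1].strip().strip("<>")
            if rcpt.endswith("@" + self.local_domain) or self.open_relay:
                self.queue.append("250 2.1.5 OK")
            else:
                self.queue.append("554 5.7.1 Relay access denied")
        elif verb == "QUIT":
            self.queue.append("221 2.0.0 Bye")
        else:
            self.queue.append("502 5.5.2 Command not implemented")
    def close(self):
        pass


def read_reply(transport):
    """Return the numeric code of one SMTP reply, skipping '250-' continuation lines."""
    while True:
        line = transport.readline()
        if len(line) >= 4 and line[3] == "-":
            continue
        return int(line[:3])


def probe_open_relay(transport, helo="probe.example"):
    """True if the host accepts a recipient in a domain it does not host.

    Any 4xx/5xx along the way, a dropped connection or garbage counts as
    'not open'. HELO is used rather than EHLO to keep the dialogue short."""
    try:
        if read_reply(transport) != 220:
            return False
        transport.sendline("HELO " + helo)
        if read_reply(transport) // 100 != 2:
            return False
        transport.sendline("MAIL FROM:<%s>" % PROBE_SENDER)
        if read_reply(transport) // 100 != 2:
            return False
        transport.sendline("RCPT TO:<%s>" % PROBE_RECIPIENT)
        accepted = read_reply(transport) // 100 == 2
        transport.sendline("QUIT")               # never DATA: nothing is actually relayed
        read_reply(transport)
        return accepted
    except (OSError, ValueError, IndexError):
        return False


RELAY_CACHE = {}


def unreachable(ip):
    """Constructed connector for a host whose port 25 cannot be reached."""
    raise OSError("connection timed out")


def milter_connect_decision(client_ip, connect, cache=RELAY_CACHE):
    """Connect-time verdict: ('accept'|'reject', reason). connect(ip) returns a transport."""
    if client_ip not in cache:
        try:
            transport = connect(client_ip)
        except OSError:
            return ("accept", "%s could not be probed" % client_ip)   # fail open, uncached
        try:
            cache[client_ip] = probe_open_relay(transport)
        finally:
            transport.close()
    if cache[client_ip]:
        return ("reject", "550 5.7.1 %s relays mail for anyone" % client_ip)
    return ("accept", "%s passed the relay test" % client_ip)
```

Two things the thread already says and the code makes concrete: the probe is itself a connection to port 25 of every new client, so it is slow at connect time and looks like scanning to the other side's operators, and it can only ever test the host that connected, which the poster reports is no longer where the spam comes from.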
On Sat, 14 Feb 2004, Tim Thorpe wrote:
I wanted to run this past you to see what you thought of it and get some
feedback on pro's and cons of this type of system.
I have been thinking recently about the ever increasing amount of spam that
is flooding the internet, clogging mail servers,
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Michael Wiacek
Sent: Saturday, February 14, 2004 9:12 AM
To: Tim Thorpe
Cc: [EMAIL PROTECTED]
Subject: Re: Anti-spam System Idea
It just doesn't work :( A few years ago I developed
On Sat, 14 Feb 2004, Tim Thorpe wrote:
95% of spam comes through relays and its headers are forged; tracking an
e-mail back that you've received is becoming next to impossible, it's also
very time consuming, and why waste your time on scumbags?
s/relays/proxies/
The proxies are tough to find
If these exist then why are we still having problems? Why do we let
customers who have been infected flood the networks with traffic as they do?
Should they not also be responsible for the security of their computers? Do
we not do enough to educate?
... addresses (or even
addresses that are
on Sat, Feb 14, 2004 at 03:55:40PM -0800, Tim Thorpe wrote:
If these exist then why are we still having problems?
See my reply to the thread SMTP relaying policies for Commercial ISP
customers...? -- we have problems because the spammers are a lot smarter
than any of us and can bounce from
On Sat, 14 Feb 2004, Tim Thorpe wrote:
If these exist then why are we still having problems?
Because the spammers are creating proxies faster than any of the anti-spam
people can find them. Evidence suggests, at least on the order of 10,000
new spam proxies are created and used every day by
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Sunday, February 15, 2004 01:21 AM
To: 'Tim Thorpe'
Cc: [EMAIL PROTECTED]
Subject: RE: Anti-spam System Idea
On Sat, 14 Feb 2004, Tim Thorpe wrote:
If these exist then why are we still having problems
Getting a bit long, I like it :D.
What would be a netops general response to scans of this nature?
On Sat, 14 Feb 2004 [EMAIL PROTECTED] wrote:
On Sat, 14 Feb 2004, Tim Thorpe wrote:
If these exist then why are we still having problems?
Because the spammers are creating proxies faster than any of the anti-spam
people can find them. Evidence suggests, at least on the order of