funsec mailing list archives
Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)
From: Dan White <dwhite () olp net>
Date: Fri, 16 Oct 2009 12:04:08 -0500
On 16/10/09 07:56 -0400, Rich Kulawiec wrote:
> If you're relaying spam, then it's [in part] *your* spam. Everyone involved in propagating and supporting abuse has to take a share of the blame: the spammer who paid for it, the botnet operator who generated it, the user who allowed their system to be hijacked, the network operator who transited the traffic, the mail system operator who relayed the message, the web site hoster providing services, everyone. Nobody gets a pass. Nobody gets to evade their share of responsibility.
So if I have a customer on Facebook that sends sPaM to another Facebook user (that happens to be using AOL), do I or AOL get the blame? No, even though we blindly relayed that message.
>> SMTP needs to go away, and be replaced by something that resembles end-to-end messaging passing, rather than the horrible touchy feely pseudo-chain-of-trust that it is today.
>
> And even if it did, that would do absolutely nothing to solve the problem we currently face (i.e. 100M+ zombies): it'd just shift it to another protocol. And while SMTP abuse is one of the more visible external symptoms of the underlying security problem, it's by no means the only one and probably not even the most important, given that we developed quite effective defenses against it years ago.
I'm proposing a little more thinking outside the box here. SMTP does need to go away, and be replaced by something better: Something that does not inherently suffer from the problems of SMTP today, but is based on something with better two-way trust. If I have a friend that gets caught up in a 100M+ zombie attack, then I'll just suspend my trust with that friend until he gets his act together. I'll probably get one SpAm from him, maybe two, before I get the idea. I should not be concerned about the other 99,999,999 other zombies.

--
Dan White