Interesting People mailing list archives
Re: a proposal --the idiots at comcast suddenly started
From: David Farber <dave () farber net>
Date: Fri, 18 Jan 2008 00:31:16 -0800
________________________________________
From: Andrew Burnette [acb () acb net]
Sent: Friday, January 18, 2008 2:28 AM
To: David Farber
Subject: Re: [IP] a proposal --the idiots at comcast suddenly started

Dave,

Of course, all more expensive than a port block. Even comcast's own mail servers fall under the "mail.domainname.com" attack of numerous bots. (Many simply attempt to connect to mail.xyz.com, where xyz.com is the local domain name in DNS. Remove that name from your DNS records and you'll cut problems a lot.)

Or should they simply lock down all bots on their network? No, as that would make them the responsible customer care to lead the unwashed masses of infected windows users through a series of disinfection programs and sequences. No fun, not to mention, expensive. Customer care is more expensive than delivering the bandwidth in many networks, particularly in bulk consumer products.

comcast's address space belongs in black hole lists. Sorry, but the noise to signal ratio is far greater than 100:1 coming from those blocks, along with many other consumer providers. To wit: my own mail server, no RBL's, 6000-8000 connections and email delivery attempts each day. 95% of those are 'unwanted garbage' and pin both memory and cpu at 100% trying to filter out spam for a dozen domains, on a decent server. Add the RBL's in, and the number cuts to under 1000 per day. Only 1/2 need significant processing (which in practice is < 10% of the non RBL solution).

SMTP over SSL/TLS (port 465) and message submission protocol (port 587) both get past the blocks, and most mail servers support such configurations, not to mention protect the privacy of the content from casual intercept. If yours doesn't, pester your aya admin for minimally better services, as it is often simply a checkbox on a config page.

The math and economics simply don't favor content based filtering, nor do they mitigate the need to block consumer connections from directly sending email.

Sorry, but that's the reality. Due to spam and spam alone, I now run a dual processor machine, u320 scsi hard drives, and a couple gigs of ram. Before the onslaught, a single athlon 550 and 256megs of ram handled the same volume of email. Cost me a couple grand $$ in hardware to deal with others' problems. "Not fair", as life isn't, or so they say.

Good supplemental ways to slow the flow:

1- delay helo of your inbound mailserver to 40 seconds. Most bots give up at 30 seconds
2- of course, require authentication
3- carefully select your RBL's
4- enable SSL and MSP on your mail server. Nearly all MTA's include it, or can easily integrate the function
5- employ reverse dns lookups. Annoying yes, but it cuts a fair number of connections
6- block bogons/rfc1918 space and the like from sending email.

Cheers
andy burnette

David Farber wrote:
________________________________________
From: Gordon Peterson [gep2 () terabites com]
Sent: Thursday, January 17, 2008 9:48 PM
To: David Farber
Subject: Re: [IP] the idiots at comcast suddenly started

Of course, their INTENTION is to try to force everybody sending mail to go through THEIR mail servers, in an attempt to throttle/control spam transmission (especially the zombie spambot problem).

I agree with you that this kind of garbage is exceedingly annoying. It would be FAR better to make a better and more effective arrangement for spam blocking, such that unsolicited/deceptive/unwanted/malicious E-mail would have a vanishingly small likelihood of ever being read... to the point where spamming would not be economically attractive to the perpetrators.

I believe that a fairly simple policy would achieve that... based on a fine-grained whitelist and default ruleset:

BY DEFAULT, incoming E-mails would be accepted for further processing if they:

1. Do not use HTML.
2. Do not contain attachments.
3. Are less than some specified size (25K, 50K, maybe 100K).

Mail messages passing those criteria would be filtered through a good antispam content filter (Spam Assassin or similar). Once HTML and attachments are removed from the mix, antispam filters can do a very effective job....!

Mail recipients could agree to accept more fully-featured E-mail on a sender-by-sender basis, perhaps including additional sender-based tests (newsletters that always have a predictable masthead at the top or sig file at the bottom, for example).

Eliminating HTML would eliminate active content (ActiveX, scripting), misrepresented "phishing" links, and other ruses used to evade antispam content filters. Eliminating attachments would eliminate executable attachments, viruses/worms, text-as-image, and other mail content that is either dangerous or (also) used to evade antispam content filtering.

Limiting E-mail size just basically helps prevent having a recipient's inbox perhaps filled up by someone they don't know.

ONCE INITIAL E-MAIL CONTACT WITH A GIVEN SENDER HAS BEEN ESTABLISHED, there would be a fine-grained whitelist at the RECIPIENT end allowing that sender to send that recipient any kind of mail the recipient agrees to accept from that sender... presuming that it "looks like" mail from that sender is expected to look.

The fact that most recipients would not authorize ANYBODY to send them executables would virtually eliminate E-mail as a (direct, at least) propagation vector for viruses, worms, and other malicious content that typically results in zombie spambot recruitment. Eliminating clickable links in E-mail from unknown parties would help prevent "blind" links which look deceptively like a link from their bank, www.paypal.com or whatever but which actually goes invisibly to some rogue server in Romania, China, or elsewhere.

Putting a crimp in spambot zombie recruitment, of course, would be a major step towards making it not look like such a good idea for ISPs to try things like port 25 blocking. But I think we need to put a MAJOR crimp in the inherently unwise (though widespread) perception that anybody can send just anybody e-mail messages containing (possibly misrepresented) links, active content, arbitrary attachments, and so forth and expect it to be delivered and opened. We will NEVER solve the spam problem until we overcome that root problem.

David Farber wrote:
to block port 25 in Pittsburgh, No notice and no reason Of course i worked around it but DAMN idiots NO NOTICE

-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
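The two concrete proposals in this thread, Andy Burnette's item 6 (refuse mail from bogon/RFC 1918 source addresses) and Gordon Peterson's default ruleset (no HTML, no attachments, size-limited, relaxed per sender by a recipient-side whitelist), can be wired together as a small inbound-mail policy. The code below is an added example written for this archive page; it is not code from either poster or from any MTA. It assumes its own verdict names ('filter', 'accept', 'reject'), its own whitelist format (sender address mapped to the feature set the recipient agreed to: 'html', 'attachments', 'large'), a 50K size threshold picked from the values Gordon lists, and Python's `ipaddress` classification as the definition of "bogon". All addresses, messages and whitelist entries in it are constructed samples.

```python
"""Added example, not from the IP list thread: a toy inbound-mail policy.

Stage 1 (Andy Burnette's item 6): refuse SMTP connections from source
addresses that should never originate mail (RFC 1918, loopback, bogons).
Stage 2 (Gordon Peterson's default ruleset): mail from a sender the
recipient has not whitelisted is passed to the content filter only if it
carries no HTML part, no attachment and is under the size limit; a
whitelisted sender may use the features the recipient agreed to.
Every address, message and whitelist entry here is a constructed sample.
"""
import ipaddress
from email import message_from_bytes
from email.message import Message
from email.utils import parseaddr
from typing import Dict, Optional, Set, Tuple

DEFAULT_SIZE_LIMIT = 50 * 1024  # 50K, one of the thresholds Gordon mentions


def reject_source_ip(ip_text: str) -> Optional[str]:
    """Stage 1: reason to refuse the connection, or None if the address is
    globally routable and may legitimately talk SMTP to us."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unparseable source address"
    if ip.is_loopback or ip.is_link_local:
        return "loopback/link-local address cannot be a remote MTA"
    if ip.is_private:
        return "RFC 1918 private or other reserved range"
    if not ip.is_global:
        return "bogon: not globally routable"
    return None


def has_html(msg: Message) -> bool:
    """True if any MIME part is text/html (Gordon's rule 1)."""
    return any(part.get_content_type() == "text/html" for part in msg.walk())


def has_attachment(msg: Message) -> bool:
    """True if a leaf part is flagged as an attachment or carries a
    filename (Gordon's rule 2)."""
    for part in msg.walk():
        if part.is_multipart():
            continue
        disposition = (part.get("Content-Disposition") or "").lower()
        if disposition.startswith("attachment") or part.get_filename():
            return True
    return False


def message_features(raw: bytes, size_limit: int) -> Set[str]:
    """Which of the three default-ruleset features a message uses."""
    msg = message_from_bytes(raw)
    used = set()
    if len(raw) >= size_limit:      # Gordon's rule 3
        used.add("large")
    if has_html(msg):
        used.add("html")
    if has_attachment(msg):
        used.add("attachments")
    return used


def evaluate(raw: bytes, whitelist: Dict[str, Set[str]],
             size_limit: int = DEFAULT_SIZE_LIMIT) -> Tuple[str, str]:
    """Stage 2. Returns (verdict, reason): 'filter' = unknown sender passed
    the default rules, hand to the antispam content filter; 'accept' =
    whitelisted sender stayed within the agreed features; 'reject' otherwise.
    `whitelist` maps a sender address to the features the recipient allows."""
    sender = parseaddr(message_from_bytes(raw).get("From", ""))[1].lower()
    used = message_features(raw, size_limit)
    allowed = whitelist.get(sender)
    if allowed is None:
        if used:
            return "reject", "unknown sender used: " + ", ".join(sorted(used))
        return "filter", "default ruleset passed; hand to content filter"
    over = used - allowed
    if over:
        return "reject", f"{sender} not authorized for: " + ", ".join(sorted(over))
    return "accept", f"{sender} within agreed features"


# --- constructed sample messages (not real mail) -------------------------
PLAIN = (b"From: alice@example.net\r\nTo: bob@example.org\r\n"
         b"Subject: hello\r\nContent-Type: text/plain\r\n\r\nplain text body\r\n")
HTML = (b"From: promo@example.com\r\nTo: bob@example.org\r\nSubject: deal\r\n"
        b'Content-Type: multipart/alternative; boundary="b1"\r\n\r\n'
        b"--b1\r\nContent-Type: text/plain\r\n\r\nsee html part\r\n"
        b"--b1\r\nContent-Type: text/html\r\n\r\n<p>styled</p>\r\n--b1--\r\n")
ATTACH = (b"From: alice@example.net\r\nTo: bob@example.org\r\nSubject: report\r\n"
          b'Content-Type: multipart/mixed; boundary="b2"\r\n\r\n'
          b"--b2\r\nContent-Type: text/plain\r\n\r\nsee attached\r\n"
          b'--b2\r\nContent-Type: application/octet-stream; name="r.bin"\r\n'
          b'Content-Disposition: attachment; filename="r.bin"\r\n\r\nXXXX\r\n--b2--\r\n')
LARGE = b"From: nobody@example.com\r\nSubject: big\r\n\r\n" + b"a" * (60 * 1024)
# bob agreed to take attachments from alice, but nothing fancier
WHITELIST = {"alice@example.net": {"attachments"}}

if __name__ == "__main__":
    for ip in ("10.1.2.3", "127.0.0.1", "8.8.8.8"):   # last one: any public address
        print(ip, "->", reject_source_ip(ip) or "connection allowed")
    for name, raw in (("PLAIN", PLAIN), ("HTML", HTML), ("ATTACH", ATTACH), ("LARGE", LARGE)):
        print(name, "unknown sender:", evaluate(raw, {}))
        print(name, "with whitelist:", evaluate(raw, WHITELIST))
```

Stage 1 runs before the banner is sent, which is also where Andy's HELO delay and reverse-DNS check would sit; stage 2 runs after DATA. Note that Gordon's "looks like mail from that sender" test is deliberately left out: a `From:` header is trivially forged, so in practice the whitelist key would need to be tied to something stronger (an authenticated submission, a signed message, or at least the envelope sender plus the connecting address) before 'accept' is trusted.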