nanog mailing list archives
Re: Anti-spam System Idea
From: "Laurence F. Sheldon, Jr." <LarrySheldon () cox net>
Date: Sat, 14 Feb 2004 08:45:55 -0600
Tim Thorpe wrote:
95% of spam comes through relays and its headers are forged tracking an E-mail back that you've received is becoming next to impossible, its also very time consuming and why waste your time on scumbags?
I don't think open relays are that big a part of the picture anymore. The rest of that 'graph is pretty close. Open proxies, insecure forms, and asymmetrical routing is where it is at, and remote-control trojans installed by viruses and worms is where it is going.
my idea; a DC network that actively scans for active relays and tests them, it compiles a list on a daily basis of compromised IP addresses (or even addresses that are willingly allowing the relay) making this list freely available to ISPs via a secure and tracked site.
I don't know what a "DC Network" is.
to test a relay you actually have to send mail through it, I have a solution for this as well, the clients are set to e-mail a certain address that changes daily the E-mails are signed with a crypto key to verify authenticity (that way spammers can't abuse the address if it doesn't have the key, it get canned)
As they sometimes say--"It won't scale." And for people on small pipes or metered connections, that will be more abusive than the current problem is.
work with ISP's to correct issues on their network help completely black list IP's from their network that are operating as an open relay and redirect to a page that alerts them of the compromise and solutions to fix the problem. the only way people are going to become aware of security issues such as this is if something happens that wakes them up, if they can't access a % of the web it would hopefully clue them in.
ingress filtering at the edges to drop packets that have to be fraud scales better, but I'm not sure that matters much anymore. But if we could not do that, how will we get this handled?
because these scans only need to take place once per IP per day and over a large distribution of computers performing the tests, I don't see network load becoming a big issue, no bigger then it currently is.
I think you need to check your arithmetic.
Current thread:
- Anti-spam System Idea Tim Thorpe (Feb 14)
- Re: Anti-spam System Idea Valdis . Kletnieks (Feb 14)
- Re: Anti-spam System Idea william(at)elan.net (Feb 14)
- Re: Anti-spam System Idea Laurence F. Sheldon, Jr. (Feb 14)
- Re: Anti-spam System Idea Michael Wiacek (Feb 14)
- RE: Anti-spam System Idea Tim Thorpe (Feb 14)
- Re: Anti-spam System Idea Andy Dills (Feb 14)
- Re: Anti-spam System Idea jlewis (Feb 14)
- RE: Anti-spam System Idea Tim Thorpe (Feb 14)
- Re: Anti-spam System Idea Steven Champeon (Feb 14)
- RE: Anti-spam System Idea jlewis (Feb 14)
- RE: Anti-spam System Idea william(at)elan.net (Feb 14)
- Re: Anti-spam System Idea Jon R. Kibler (Feb 15)
- Re: Anti-spam System Idea Sean Donelan (Feb 15)
- RE: Anti-spam System Idea Tim Thorpe (Feb 14)