nanog mailing list archives
Re: Time to check the rate limits on your mail servers
From: "John Underhill" <stepnwlf () magma ca>
Date: Thu, 3 Feb 2005 16:55:20 -0500
Creating an invincible mail client, still only addresses the symptom, and not the disease. I would contend that any attempts made to harden a mail client, will, (and have always been..), be countered with a new exploit, a new method of exploiting the system. The only way to really control spam, is to make it unprofitable, both for the hosting providers, and websites that use this as a form of mass marketing. If say, a 'top 100 domains' (or 10,000, if need be..), list of offending websites were assembled, continually updated, and used universally to null route the websites paying for these services, (and in some cases, entire blocks owned by unscrupulous service providers hosting these websites, in the case that are continually proffering these services to offending parties..), it would soon become the case that if you use spam to mass market your product, you risk losing your access to a portion of the internet. Of course, there are many lists of this kind, but what is lacking, is the willingness to launch a coordinated effort, or agreement on a proven and effective criteria for identifying how this could/should be regulated. I have heard the argument that we are not in the business of determining what should be permitted on the internet, and for the most part I would tend to agree, but I view this as a technical and not an ethical issue, and when seen in that context, the solutions seem obvious. Control spam? Attack it at the source, -follow the money- and make those that would profit from the abuse of the system accountable by denying them services.
John----- Original Message ----- From: "Miller, Mark" <mark.miller () qwest com>
To: <nanog () merit edu> Sent: Thursday, February 03, 2005 3:37 PM Subject: RE: Time to check the rate limits on your mail servers
How come it is always about controlling the symptoms and not the illness? The vast majority of these "spam drones" are compromised WINDOWS machines. If the operating system and dominant email applications so easily allows the users' machines to be taken over by a third party, then there is something wrong with the operating system and the mail applications. It occurs to me that the solution is not to limit the range of destruction, but to defuse the bomb. Perhaps the focus for a solution should move up the model to layer 7. - Mark -----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Michael.Dillon () radianz com Sent: Thursday, February 03, 2005 8:47 AM To: nanog () merit edu Subject: Re: Time to check the rate limits on your mail servers> Do you let your customers send an unlimited number of emails per > day? Per hour? Per minute? If so, then why? Doing that - especially now when this article has hit the popular press and there's going to be lots more people doing the same thing - is going to be equivalent of hanging out a "block my email" sign.I don't understand your comment. This is an arms race. The spammers and botnet builders are attempting to make their bots use the exact same email transmission channels as your customers' email clients. They are getting better at doing this as time goes on. I think we are at the point where the technical expertise of the botnet builders is greater than the technical expertise of most people working in email operations. ...
Current thread:
- Re: Time to check the rate limits on your mail servers, (continued)
- Re: Time to check the rate limits on your mail servers Gadi Evron (Feb 03)
- Re: Time to check the rate limits on your mail servers Lou Katz (Feb 03)
- Re: Time to check the rate limits on your mail servers Valdis . Kletnieks (Feb 03)
- Re: Time to check the rate limits on your mail servers Steven Champeon (Feb 03)
- Re: Time to check the rate limits on your mail servers Joe Maimon (Feb 03)
- RE: Time to check the rate limits on your mail servers just me (Feb 04)
- RE: Time to check the rate limits on your mail servers Miller, Mark (Feb 03)
- Re: Time to check the rate limits on your mail servers Joe Maimon (Feb 03)
- Re: Time to check the rate limits on your mail servers Adi Linden (Feb 03)
- Re: Time to check the rate limits on your mail servers J.D. Falk (Feb 03)
- Re: Time to check the rate limits on your mail servers John Underhill (Feb 03)
- Re: Time to check the rate limits on your mail servers Joe Maimon (Feb 03)
- RE: Time to check the rate limits on your mail servers Hannigan, Martin (Feb 03)
- Re: Time to check the rate limits on your mail servers J.D. Falk (Feb 03)
- Re: Time to check the rate limits on your mail servers Adi Linden (Feb 03)
- Re: Time to check the rate limits on your mail servers Joel Jaeggli (Feb 03)
- Re: Time to check the rate limits on your mail servers Guðbjörn S. Hreinsson (Feb 03)
- Re: Time to check the rate limits on your mail servers Edward B. Dreger (Feb 03)
- Re: Time to check the rate limits on your mail servers Todd Vierling (Feb 04)
- Re: Time to check the rate limits on your mail servers Douglas Otis (Feb 04)
- Sender authentication & zombies (was Re: Time to check the rate limits on your mail servers) J.D. Falk (Feb 05)
- Re: Sender authentication & zombies (was Re: Time to check the rate limits on your mail servers) Douglas Otis (Feb 05)
- Re: Time to check the rate limits on your mail servers J.D. Falk (Feb 03)