Update on mail bombing threats--not so funny

Vadim Antonov avg at pluris.com
Thu Jan 9 21:19:21 UTC 1997


There is no use in attempting to find legal fixes for massive spam and other
flooding attacks.   The spam sources will simply move out of the U.S.
and will start loading international circuits with their crap.

I.e. the legal cure will only make spam even more annoying, but won't
stop anybody.

Why won't we concentrate on doing technical solutions?  Fortunately,
it is relatively easy to get rid of the flooding attacks by reducing
their effectiveness to nothing.

The solution is source address filtering at edges, to relieve attackers
from the benefit of forged source addresses, and reverse lookup
authentication in MTAs -- just do not accept any mail coming from an
invalid source address, or source address not corresponding to what
is in Sender, Reply-To or From field.

That will arguably break some setups (for example, when outgoing mail
leaves hosts directly, but return mail comes thru a centralized server);
but that can be fixed.

That scheme is obviously not bullet-proof, but neither are locks on the
doors.  They do deter crime, though.

BTW, the e-mail sender address authentication would also do wonders for
the non-flooding variety of spammers -- getting tons of angry mail from the
targets of the spam does have some effect.  Also, it gives ISPs the ability
to identify abusers, and create a black list of people not to have any
business with, and a legitimate reason to refuse service to them.

There's a historical precedent in doing source address authentication
which initially broke service for a lot of people, but ultimately made
the Internet a saner place -- the FTP archive at UUNET at some time started
requiring that reverse DNS lookups should provide correct names.
Oops -- nobody with broken reverse zones could access it.

Now, the question is how to make people actually implement it.  I guess
the big providers should consider it in their best interest -- or they'll
eventually get politicians and lawyers on their heads.

--vadim
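
Added example, not part of the original message: a sketch of the MTA-side check described above, accepting mail only when the connecting address has forward-confirmed reverse DNS and that host name falls under a domain named in Sender, Reply-To or From. The DNS tables, addresses and domain names are constructed, and treating a match on any one of the three headers as sufficient is an assumption.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed DNS data (documentation address ranges) standing in for a resolver.
PTR = {
    "192.0.2.10": ["mail.example.com"],
    "198.51.100.7": ["mx.example.net"],   # PTR exists, forward record disagrees
}
A = {
    "mail.example.com": ["192.0.2.10"],
    "mx.example.net": ["203.0.113.9"],
}


def confirmed_names(peer_ip, ptr=PTR, a=A):
    """PTR names for peer_ip whose forward lookup maps back to peer_ip."""
    names = [n.lower().rstrip(".") for n in ptr.get(peer_ip, [])]
    return [n for n in names if peer_ip in a.get(n, [])]


def header_domains(raw_message):
    """Domains named in the Sender, Reply-To and From headers."""
    msg = message_from_string(raw_message)
    fields = []
    for header in ("Sender", "Reply-To", "From"):
        fields.extend(msg.get_all(header, []))
    return {addr.rsplit("@", 1)[1].lower()
            for _, addr in getaddresses(fields) if "@" in addr}


def check(peer_ip, raw_message):
    """Return (accepted, reason) for one delivery attempt."""
    names = confirmed_names(peer_ip)
    if not names:
        return False, "no forward-confirmed reverse DNS"
    domains = header_domains(raw_message)
    if not domains:
        return False, "no sender address in headers"
    for name in names:
        for domain in domains:
            # Host may be the domain itself or any host beneath it.
            if name == domain or name.endswith("." + domain):
                return True, f"{name} matches {domain}"
    return False, "source host does not correspond to any sender domain"
```

A host that sends directly while its return mail goes through a central server still passes here as long as its reverse name sits under the sender's domain; a host in an unrelated domain is the setup that breaks.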
