Update on mail bombing threats--not so funny

Mike Leber mleber at he.net
Thu Jan 9 22:31:43 UTC 1997


On Thu, 9 Jan 1997, Vadim Antonov wrote:
> Why won't we concentrate on doing technical solutions?
> [good source authentication proposal deleted]

This would solve the forged email problem excellently.  (Assuming you can
get past the installed base of over 50(?) million SMTP email addresses,
although only a few of those actually have a source domain different from
the mail gateway.) 

However, the spamming problem is another.  I see three generations of
spammers.

The 1st Generation Spammer (Direct)

From address matches sender.  Spammer expects to pick up mail at the from
address.  Cancelling account thwarts spammer.  Easy to cover in TOS.

The 2nd Generation Spammer (Indirect Via Internet)

From address is different than sender.  For this type of spam promoting
web sites, the actual site being promoted is on a different network than
spam is sent from.  For this type of spam requiring a response, response
email address is usually a dropbox or autoresponder service with a
"spammer friendly" TOS.  Source email account used is disposable. 
Requires more complex TOS for network hosting actual site to terminate
service. 

The 3rd Generation Spammer (Indirect Via Non Internet)

From address can be anything.  Response is via 900 phone number, 800 phone
number taking credit cards, or international number with built-in premium
($20 for the first minute).  Alternatively, less sophisticated 3rd
generation spammers use fax, regular telephone, or postal mail (only the
really dumb ones ever use postal mail, because of the amount of law).  No
Internet resource is used as part of ordering.

I have received a couple of these 3rd generation spams recently.

Mail authentication is not going to prevent hit and run 3rd generation
spams.

An additional feature (hehe) in sendmail that would hinder hit and run
operators would be flood suppression on a user by user basis (ibm.net
could have used this).  For example, a rule such that no user can send
more than 1000 messages per day (configurable of course).

Mike.

+------------------- H U R R I C A N E - E L E C T R I C -------------------+
| Mike Leber             Direct Internet Connections     Voice 408 282 1540 |
| Hurricane Electric      Web Hosting & Co-location        Fax 408 971 3340 |
| mleber at he.net                                           http://www.he.net |
+---------------------------------------------------------------------------+
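
The per-user flood suppression suggested in the message above, sketched as an added example (not part of the original post and not a sendmail feature). The class, function and account names are hypothetical, the submission events are constructed, and the quota is keyed on the submitting account because the From address can be anything.

```python
from collections import defaultdict
from datetime import datetime, timezone


class FloodSuppressor:
    """Per-account daily send quota, keyed on the submitting account."""

    def __init__(self, daily_limit=1000):
        self.daily_limit = daily_limit      # configurable, as the post suggests
        self._counts = defaultdict(int)     # (account, UTC date) -> accepted messages

    def allow(self, account, when):
        """Count the message and return True if the account is under quota."""
        key = (account, when.astimezone(timezone.utc).date())
        if self._counts[key] >= self.daily_limit:
            return False                    # over quota: reject or defer
        self._counts[key] += 1
        return True

    def purge(self, today):
        """Drop counters for earlier days so the table stays bounded."""
        for key in [k for k in self._counts if k[1] < today]:
            del self._counts[key]


def replay(events, daily_limit):
    """Replay (account, datetime) submissions; return rejected counts per account."""
    suppressor = FloodSuppressor(daily_limit)
    rejected = defaultdict(int)
    for account, when in events:
        if not suppressor.allow(account, when):
            rejected[account] += 1
    return dict(rejected)


def sample_events():
    """Constructed sample: one hit-and-run account and one ordinary user."""
    day1 = datetime(1997, 1, 9, 22, 0, tzinfo=timezone.utc)
    day2 = datetime(1997, 1, 10, 0, 5, tzinfo=timezone.utc)
    events = [("bulk-account", day1)] * 1500    # burst within a single day
    events += [("ordinary-user", day1)] * 40
    events += [("bulk-account", day2)] * 10     # next UTC day: fresh counter
    return events


if __name__ == "__main__":
    print(replay(sample_events(), daily_limit=1000))
```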





