Update on mail bombing threats--not so funny

alex at relcom.EU.net alex at relcom.EU.net
Fri Jan 10 11:38:54 UTC 1997

Sorry, but what are you doing with the uninteresting adv. shits
in you usial mail-box? I found daily 2 / 3 such papers, and I prefere
to brote them into my wasterbacket instead of writing a lot of
complains... Sometimes I found something interesting, anyway.

Except some cases of the massive SPAM it's better choice.
Just now I see unadequate behaviour of some network administrators
when 1 (_ONE_) unnessesary message cause 10 / 20 messages (written bu this administrator)
complained about this advertisment (you are naming it _spam_). This cause
us to much more troubles then simple 'D' (or 'REMOVE') command.

>   There is no use to attempt to find legal fixes for massive spam and other
>   flooding attacks.   The spam sources will simply move out of U.S.
>   and will start loading international circuits with their crap.
>   I.e. the legal cure will only make spam even more annoying, but won't
>   stop anybody.
>   Why won't we concentrate on doing technical solutions?  Fortunately,
>   it is relatively easy to get rid of the flooding attacks by reducing
>   their effectiveness to nothing.
>   The solution is source address filtering at edges, to relieve attackers
>   from the benefit of forged source addresses, and reverse lookup
>   authentication in MTAs -- just do not accept any mail coming from an
>   invalid source address, or source address not corresponding to what
>   is in Sender, Reply-To or From field.
>   That will arguably break some setups (for example, when outgoing mail
>   leaves hosts directly, but return mail comes thru a centralized server);
>   but that can be fixed.
>   That scheme is obviously not bullet-proof, but neither are locks on the
>   doors.  They do deter crime, though.
>   BTW, the e-mail sender address authentication would also do wonders for
>   non-flooding variety of spammers -- getting tons of angry mail from the
>   targets of the spam does have some effect.  Also, it gives ISPs ability
>   to identify abusers, and create a black list of people not to have any
>   business with, and a legitimate reason to refuse service to them.
>   There's a historical precedent in doing source address authentication
>   which initially broke service for a lot of peple, but ultimately made
>   Internet a saner place -- the FTP archive at UUNET at some time started
>   requiring that reverse DNS lookups should provide correct names.
>   Oops -- nobody with broken reverse zones could access it.
>   Now, the question is how to make people to actually implement it.  I guess
>   the big providers should consider it in their best interest -- or they'll
>   eventually get politicians and lawyers on their heads.
>   --vadim

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)

More information about the NANOG mailing list