Update on mail bombing threats--not so funny
alex at relcom.EU.net
alex at relcom.EU.net
Fri Jan 10 11:38:54 UTC 1997
Sorry, but what are you doing with the uninteresting adv. shits
in you usial mail-box? I found daily 2 / 3 such papers, and I prefere
to brote them into my wasterbacket instead of writing a lot of
complains... Sometimes I found something interesting, anyway.
Except some cases of the massive SPAM it's better choice.
Just now I see unadequate behaviour of some network administrators
when 1 (_ONE_) unnessesary message cause 10 / 20 messages (written bu this administrator)
complained about this advertisment (you are naming it _spam_). This cause
us to much more troubles then simple 'D' (or 'REMOVE') command.
> There is no use to attempt to find legal fixes for massive spam and other
> flooding attacks. The spam sources will simply move out of U.S.
> and will start loading international circuits with their crap.
> I.e. the legal cure will only make spam even more annoying, but won't
> stop anybody.
> Why won't we concentrate on doing technical solutions? Fortunately,
> it is relatively easy to get rid of the flooding attacks by reducing
> their effectiveness to nothing.
> The solution is source address filtering at edges, to relieve attackers
> from the benefit of forged source addresses, and reverse lookup
> authentication in MTAs -- just do not accept any mail coming from an
> invalid source address, or source address not corresponding to what
> is in Sender, Reply-To or From field.
> That will arguably break some setups (for example, when outgoing mail
> leaves hosts directly, but return mail comes thru a centralized server);
> but that can be fixed.
> That scheme is obviously not bullet-proof, but neither are locks on the
> doors. They do deter crime, though.
> BTW, the e-mail sender address authentication would also do wonders for
> non-flooding variety of spammers -- getting tons of angry mail from the
> targets of the spam does have some effect. Also, it gives ISPs ability
> to identify abusers, and create a black list of people not to have any
> business with, and a legitimate reason to refuse service to them.
> There's a historical precedent in doing source address authentication
> which initially broke service for a lot of peple, but ultimately made
> Internet a saner place -- the FTP archive at UUNET at some time started
> requiring that reverse DNS lookups should provide correct names.
> Oops -- nobody with broken reverse zones could access it.
> Now, the question is how to make people to actually implement it. I guess
> the big providers should consider it in their best interest -- or they'll
> eventually get politicians and lawyers on their heads.
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
More information about the NANOG