Tracking SPAM (Re: Spam Control Considered Harmful)

Greg A. Woods woods at
Thu Oct 30 05:01:02 UTC 1997

[ On Wed, October 29, 1997 at 18:00:15 (-0500), Phil Lawlor wrote: ]
> Subject: Re: Tracking SPAM (Re: Spam Control Considered Harmful)
> AGIS is kicking this, along with other ideas around.  We spent a great deal
> of resources on the IEMMC thing, and that didn't work out well.  Thought
> I'd toss the caller ID idea out to get feedback from this list.

I think you're partly on the right track.

However there's another very critical part of the picture that I've not
yet seen clear mention of:  i.e. the concurrent implementation of limits
to SMTP server connectivity which must go hand in hand with audit trails
that can be used to clearly identify the originator and follow him
through all e-mail transactions until they completely leave the home
ISP's network.  I.e. not only must connection origination information be
logged, so must all mail transactions originated by customers be
captured and logged.  Without forcing the mail sender to go through an
auditable SMTP transaction with a mailer that the ISP controls with 100%
certainty then one cannot be certain to be able to identify the would-be
spammer due to missing links in the audit trail.  Such controls can
obviously be implemented just as easily as the anti-ip-spoofing filters
that all ISPs should already be implementing.

I and a growing number of other people who've decided to fight spam have
been telling ISPs this is the only sure way to control the extremely
high and growing amount of third-party illegal relay abuse.  (I might
note that such abuse has skyrocketed since the decline of the IEMMC.)

Unfortunately this puts a burden on ISPs that I'm not certain they are
quite ready or able to handle yet.  Indeed I've heard relatively little
back from the constant stream of requests I send for implementation of
such controls with accompanying complaints about third-party abuse
originating from throw-away dial-up accounts.

Of course once a more substantial contract has been forged between an
ISP and a user (i.e. one that enforces an AUP and allows the ISP some
degree of certainty that they will be able to extract retribution for
breach of contract) then, and only then, might the ISP allow the
customer to bypass some of the auditing mechanisms under the assumption
(backed up by contract) that the customer will have in place their own
similar auditing mechanisms.

							Greg A. Woods

+1 416 443-1734      VE3TCP      <gwoods at>      <robohack!woods>
Planix, Inc. <woods at>; Secrets of the Weird <woods at>
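
The audit-trail correlation described in the message above, as an added example that is not part of the original post: it joins dial-up session records with the transaction log of the ISP-controlled mailer, so each message maps to the account that held the source address at that moment. All records, account names and field layouts are constructed for illustration.

```python
from datetime import datetime

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

# Constructed dial-up accounting records: (account, assigned IP, start, stop).
# stop=None means the session is still open. Note 192.0.2.17 is reused.
SESSIONS = [
    ("acct-1001", "192.0.2.17", ts("1997-10-29 21:00:05"), ts("1997-10-29 21:42:10")),
    ("acct-2044", "192.0.2.17", ts("1997-10-29 21:45:30"), ts("1997-10-29 22:10:00")),
    ("acct-3107", "192.0.2.23", ts("1997-10-29 21:50:00"), None),
]

# Constructed log of SMTP transactions accepted by the ISP's own mailer:
# (time, client IP, queue id, envelope sender).
MAIL_LOG = [
    (ts("1997-10-29 21:10:00"), "192.0.2.17", "q0001", "a@example.com"),
    (ts("1997-10-29 21:50:12"), "192.0.2.17", "q0002", "x@example.net"),
    (ts("1997-10-29 21:43:00"), "192.0.2.17", "q0003", "y@example.net"),
    (ts("1997-10-29 22:30:00"), "192.0.2.23", "q0004", "b@example.org"),
]

def owner_at(ip, when, sessions):
    """Return the account holding `ip` at time `when`, or None if no session covers it."""
    for account, s_ip, start, stop in sessions:
        if s_ip == ip and start <= when and (stop is None or when <= stop):
            return account
    return None

def attribute(mail_log, sessions):
    """Map each queue id to its originating account; None marks a broken trail."""
    return {qid: owner_at(ip, when, sessions) for when, ip, qid, _sender in mail_log}

def gaps(mail_log, sessions):
    """Queue ids of transactions that no logged session accounts for."""
    return [qid for qid, acct in attribute(mail_log, sessions).items() if acct is None]

if __name__ == "__main__":
    for qid, acct in attribute(MAIL_LOG, SESSIONS).items():
        print(qid, acct or "UNATTRIBUTED (missing link in audit trail)")
```

The same address resolves to two different accounts depending on the timestamp, and q0003 falls between sessions, which is the kind of missing link the message says breaks identification.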
