FW: The worst abuse e-mail ever, sverige.net

Steven Champeon schampeo at hesketh.com
Wed Sep 22 03:58:56 UTC 2004


on Tue, Sep 21, 2004 at 05:52:12PM -0600, Allan Poindexter wrote:
> 
>   Daniel> The only responsible thing to do is filter port 25,
>   Daniel> smarthost for your users, and inform them about using the
>   Daniel> alternate submission port with authenticated SMTP in order
>   Daniel> to work with enterprise mail servers - or IPSec VPNs, for
>   Daniel> that matter. This is simply the best practice, at this point
>   Daniel> in time. Using humans ("dedicated staff person") to stop
>   Daniel> spam isn't scalable - automated processes are sending this
>   Daniel> stuff, we need systematic ways to fight it - black/white
>   Daniel> lists, SPF, port 25 filtering, bayesian filtering and other
>   Daniel> tools.
> 
> Let's put this in perspective.  Say a hypothetical sysadmin were to
> disable any and all authentication on his SSH server.  And that
> someone then used SSH from your network to run code that sysadmin
> didn't like on that machine.  Would you then consider it reasonable if
> the sysadmin proposed:
> 
>    The only responsible thing to do is filter port 22, smarthost for
>    your users, and inform them about using the alternate submission
>    port with authenticated SSH in order to work with enterprise SSH
>    servers - or IPSec VPNs, for that matter. This is simply the best
>    practice, at this point in time. 

OK, now let's make it more in line with modern practice:

Say a protocol more or less completely lacked server-server
authentication, or a way to distinguish between client and server, and
that then every day, for ten years, hundreds and thousands of
professional criminals used weaknesses in the monopoly OS to plant
software completely under their control on fifty million (or so) of
these vulnerable hosts, and then took advantage of the aforementioned
weakness in the protocol to own anywhere from a quarter to 90% of all
inbound transmissions to your server - all selling illegal, immoral, or
extralegal services and products, to the point that some users of that
protocol literally drown in said deluge, and also that a major
proportion of said submissions were addressed to users who don't exist,
never existed, only exist because of inventive viruses (see "monopoly
OS"), or completely fictional and created by aforementioned professional
abusers, and sold to other naive abusers, or were the helpful notices
provided to said forged addresses after accepting the submissions,
rather than rejecting at submission time. Oh, and outbound connections
aren't expected from the vast majority of those hosts.

Yes, I think this is a reasonable response to use everything at our
disposal to refuse the majority of the unwanted submissions.
 
But hey, I'm just a mail admin with 65% inbound mail identified as
abusive. Obviously I don't have any of these hypothetical concerns.

-- 
join us!   http://hesketh.com/about/careers/web_designer.html       join us! 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us!   http://hesketh.com/about/careers/account_manager.html    join us!


