Time to check the rate limits on your mail servers

Douglas Otis dotis at mail-abuse.org
Sat Feb 5 20:27:12 UTC 2005


On Sat, 2005-02-05 at 19:18 +0000, Jørgen Hovland wrote:
> ----- Original Message ----- 
> From: "Edward B. Dreger" <eddy+public+spam at noc.everquick.net>
> > TV> From: Todd Vierling
> >
> > TV> The only way to be sure is via cryptographic signature.  Barring
> > TV> that level
> >
> > False.  You imply that a crypto signature is a perfect guarantee, and
> > that nothing else can provide equal assurance.
>
> To prevent spyware using your signature you can for example use some
> sort of local signature engine and a fingerprint reader. It 
> isn't possible to steal the private key because only the engine can
> decode it. Emails can only be signed with that signature by the 
> engine, and the engine needs your fingerprint first. But who really
> wants to stick your thumb in the reader for every email you 
> send?

If each provider signed their messages AND included account identifiers
(as used by their access servers), then the providers themselves or some
third-party would have little trouble blackhole listing problematic
systems.  There would be NO danger that something in the customers
system could be stolen.

A blackhole A record of 127.0.0.1 by the provider at the following:

 <internal-identifier>._rl.<domain>.<tld>

Or if by a third-party, it could be 

 <internal-identifier>._rl.<domain>.<tld>.<third-party>.<tld>

This mechanism would also prevent a replay attack on signatures as well
as allow extraction of these problem accounts caused by compromised
systems.  These people would quickly learn they have a problem, if they
use the mail services of the provider.  If they do not, they should be
blocked by the provider outright.  To prevent bounce traffic
unilaterally, BATV would be a better solution.

SPF et al does not allow safe reputation assertions.  A reputation
assertion is the ONLY way this type of abuse can be prevented.  Binding
MAILFROM or the FROM with some IP address will not stop spam.  Within
two minutes, spammers will have adapted, and yet a tremendous expense
and disruption will have taken place for little benefit.

-Doug

 








More information about the NANOG mailing list