EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)
paul at vix.com
Mon Jun 23 12:01:48 CDT 2008
> > with EC2, it's game-over for the IP reputation industry
> Realistically speaking, did you not expect that to be inevitable?
i didn't, no. when i unknowingly launched the IP reputation industry back
in the mid 1990's, the risk i was managing was a spammer who planned to give
away free T1 lines to anyone who would run a spam relay for them. everything
in those days was fixed ip on wire lines. when the game changed to open relay
and open proxy and then malware-botnets, i saw a great deal of pressure on the
model since a given IP address could represent different endpoints at various
times of the day, and each endpoint could be cleaned and reinfected many times
in a month, but with short TTLs on the DNS RBL, it was still possible to keep
the pressure on the infected endpoints and their ISPs, since they bore the
greatest cost of their own misbehaviour, and reputation-entropy was a cheap
component of the overall error rate. so, no.
> As access to the internet increases, the chances of SMTP scaling to prevent
> spam decreases. And as IP's become more numerous and 'chuckable' (so much
> more so with IPv6 around the corner), the idea of a blacklist becomes ever
> more useless.
yes, but that was a shallow curve, whereas EC2/GAE/etc is a steep curve.
> What we need is a new mail protocol.. [But people have been saying that for
> decades now]
several excellent, scalable replacements for smtp have been patented. all we
have to do is globally agree to enrich those patent holders and our problems
will be solved.
More information about the NANOG