IPv6 isn't SMTP

Barry Shein bzs at world.std.com
Thu Mar 27 04:24:25 UTC 2014


On March 26, 2014 at 20:21 dhc2 at dcrocker.net (Dave Crocker) wrote:
 > On 3/26/2014 11:22 AM, Barry Shein wrote:
 > > What makes IP address mobility possible is mass, unauthorized if not
 > > simply illegal use of others' resources, such as with botnets or
 > > massive exploiting of holes in web hosting sites' software.
 > 
 > Except that compromised personal computers are 'valid' by all normal 
 > metrics.

>From the receiving or intermediary point of view, sure.

One would like to think that the owner of the transmitting host knows
s/he didn't intend to send 15,000 herbal hair regrowth ads this
morning if somehow it was pointed out to them and would probably be
unhappy over it.

So, illegal or at best unauthorized from the POV of the transmitter,
owner or manager etc of the PC.

I'm simply saying that spam would barely exist without these illegal
(oh let's not split that hair) resources.

 > An army of such machines provides a kind of address mobility that is not 
 > detected by any normal means.

I agree.

Perhaps a more global view might work but we don't have a way to
implement that, or perhaps put better, the will to implement that.

For example 1,000,000 systems sending out basically the same message
(BUY HERBAL HAIR RE-GROWER!)  would be suspicious particularly if the
sending systems were scattered hither and yon.

And we do try to do this via blacklists but it's not quite enough
mostly because it's after the fact, much of the damage has been done,
the 1M msgs were sent and put into peoples' mailboxes already.

And then the spammers change their footprint.

Really not a very good method but we do what we can.

 > 
 > > Fundamentally spam is a security isse.
 > 
 > In the same way as burglary is a security issue, yeah.  Which is to say 
 > that fundamentally, spam is a social issue, like any other crime.

No, I really mean that without the illegal (let's not regrow that
hair) resources the spammers are sunk, kaput, out of business.

It's the only way they can operate in any effective manner.

The only way.

There's more to this but foiling whatever it is that spammers use to
build botnets and massively exploit for example web hosting software
will tend to work. The list is pretty short as far as I can tell.

Everything else, such as content analysis and blacklisting will tend
to not work, or only so much, a never-ending battle.

Some will blanche at this but the entire spam problem basically arose
from the crap security in Windows systems, particularly prior to maybe
XP/SP2.

Not sure where all that leads us, however. Better security at those
major exploitation points, in a nutshell.

And if someone disagrees then please tell me how spammers as we know
them (and related miscreants) can operate without these few sources of
purloined resources.

Preferably without a big hand-wave like "oh they'll just find
something else!"

Maybe not!

-- 
        -Barry Shein

The World              | bzs at TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*



More information about the NANOG mailing list