List:       spamassassin-users
Subject:    Re: What changes would you make to stop spam? - United Nations Paper
From:       "John D. Hardin" <jhardin () impsec ! org>
Date:       2006-08-02 15:10:11
Message-ID: Pine.LNX.4.10.10608020741510.26141-100000 () gypsy ! impsec ! org

On Wed, 2 Aug 2006, Tom Ray wrote:

> > have registered that does not have working (i.e. read-by-a-human)
> > postmaster@ and abuse@ aliases? 
> 
> Being that I am a domain registrar (small but still) how will I
> know if they have a working postmaster or abuse alias?

Easy. Send them an email and see if they respond. Make it clear in the
service agreement that they (hopefully) read before registering a
domain that this is a requirement.

> And even if they did a quick filter setup at the server level will
> have those mails /dev/null'd in no time.

Check back periodically. Note to them that if you get complaints about
non-working aliases you will block the domain until they *do* work.

> This isn't a feasible idea for one reason and one reason only,
> Network Solutions. They'll find some way to re-route that domain
> to their own use.

I agree it isn't a perfect solution given that some registrar
somewhere won't enforce it. After all, there are "spam-friendly"
registrars these days.

Which suggests another idea: is there a SURBL for domains registered
with Known Evil registrars?

And it's also extra work for an already low-margin operation.

> >> 5) Require ISP's to channel their customer's email through their own 
> >> mail servers (which will have some impact upon SPF tracking as well) 
> >> and not allow any non-business customers, nor any dynamic customers 
> >> (business or commercial), to directly connect to other mail servers.
> >
> > Totalitarian regimes will *love* that one. ISPs will hate it.
>
> Hate to break the news to you but many ISPs are already not
> allowing their users to connect via port 25 outside their
> networks. Comcast has done it, as have a few others already. I run
> into this a lot because I'm also a hosting company and offer SMTP
> Auth but many customers have issues because they can't connect to
> port 25 on my mail server.

Do you support SMTP-via-SSL (ssmtp, 465/tcp)? Do the ISPs also block
that port? In modern clients setting that up is just checking a
checkbox.

> I also totally agree with this practice, if they are going to be
> on the hook for something their users did then they need to keep a
> watchful eye on their customers.

Hrm. Then why do so many disclaim responsibility when they are told
about known bot-controlled customer systems actively attacking others?
 
> ISPs don't hate this considering that many ISPs now do hosting,
> it's a way for them to get their customers to bring the hosting
> over to them also.

I was thinking more about the ISP being reluctant to buy more servers
to handle the increased email volume, but upon more thought I realize
that this isn't likely to be an issue for several reasons.

I'm also somewhat leery about having ISPs filter *any* traffic, apart
from MS Networking; the potential for abuse is great. I was just
throwing out ideas.

What I would *like* to see is ISPs adopt a default filtering stance
that blocks outbound SMTP, 1025-1029/udp, MS Networking and MSSQL,
which would cover the vast majority of inbound crap my systems
automatically discard, and have a "register your account as clueful"
policy (at no extra charge!) that removes that filtering for your IP
when you connect. The Great Unwashed need handholding, but that
shouldn't cripple those who know how to administer their systems
properly.

But I realize this is a dream.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174    pgpk -a jhardin@impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 Look at the people at the top of both efforts. Linus Torvalds is a
 university graduate with a CS degree. Bill Gates is a university
 dropout who bragged about dumpster-diving and using other peoples'
 garbage code as the basis for his code. Maybe that has something to
 do with the difference in quality/security between Linux and
 Windows.                            -- anytwofiveelevenis on Y! SCOX
-----------------------------------------------------------------------
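
The default filtering stance with a no-charge opt-out that the message above describes, sketched as an nftables ruleset for an ISP edge router. This is an added example, not part of the original post. The interface name cust0, the table, chain and set names, and the reading of "MS Networking" as ports 135, 137-139 and 445 and of MSSQL as 1433/tcp and 1434/udp are assumptions; it covers IPv4 only.

```nftables
#!/usr/sbin/nft -f
# Added illustration; all names below are hypothetical.
define CUST_IF = "cust0"          # customer-facing interface (assumed)

table ip subscriber_egress {
    # Source addresses of accounts registered to manage their own systems.
    # Assumed to be maintained by the ISP's session provisioning, e.g.
    #   nft add element ip subscriber_egress clueful_v4 { 192.0.2.10 }
    # when the subscriber connects, and deleted again at session end.
    set clueful_v4 {
        type ipv4_addr
    }

    chain forward {
        type filter hook forward priority 0; policy accept;
        # Only traffic arriving from subscribers is subject to the defaults.
        iifname $CUST_IF jump subscriber_default
    }

    chain subscriber_default {
        # Registered accounts skip the default filtering entirely.
        ip saddr @clueful_v4 return

        # Outbound SMTP straight to other mail servers. 465/tcp is left
        # open so authenticated submission to a hosting provider still works.
        tcp dport 25 counter reject with icmp type admin-prohibited

        # MS Networking and MSSQL over TCP.
        tcp dport { 135, 139, 445, 1433 } counter drop

        # MS Networking, 1025-1029/udp and MSSQL over UDP.
        udp dport { 135, 137, 138, 445, 1025-1029, 1434 } counter drop
    }
}
```

The per-rule counters give the ISP a view of which subscribers keep hitting the default blocks, which is the signal needed to follow up on compromised customer systems.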

