North American Network Operators Group


Re: Stealth Blocking

  • From: Mitch Halmu
  • Date: Thu May 24 15:07:30 2001

On Thu, 24 May 2001, Dave Rand wrote:

> The MAPS RSS(sm) is a list of open relays *which have been abused*.  These
> are sites which have been reported to MAPS as open relays, and have spam
> samples.  Once the spam has been verified, a test is performed to verify
> that the site is, indeed, an open relay.  If a sample message is accepted,
> and then returned by the site as a relay, the host is listed.  Removal from
> the RSS requires that the host no longer relays.  Automated probes are never
> done - a human must request the test, and spam must be available.  Because
> of the very large number of hosts listed (around 100,000 as I write this),
> it's generally used in DNS mode only.  It's pretty easy to get a host which
> is an open relay that has transmitted spam onto the list.  Between 100 and
> 1,500 hosts per day are added, and hundreds per day are taken off (as soon
> as they let MAPS know that the relay has been closed).

Very interesting statistics. It gives you a clear picture of the magnitude
of the squeeze. Now I understand why such a heavy hammer was needed at the
helm full-time. Supposing that 100,000 server owners plus those forcibly
're-educated' get together and do something about it, like scream, or jump
off a 12 inch stool, or donate $10 each, would they be able to shake Dave
off his high horse? How about if they also rally their users that were 
suddenly cut off?

The collateral damage in blocking 100,000 hosts is simply unacceptable.
Especially because there are only a few hundred die-hard professional
spammers that need to be rooted out, and the problem diminishes, or at
least becomes manageable in another way. As an ISP, I have yet to see
a list of black sheep compiled consisting of individuals, spam companies, 
or credit cards used to defraud that should not be subscribed. Banks
share such information, why can't ISPs?

No matter how noble the cause, the methods are wrong. In all the debate, 
it was perhaps lost that no viable technological solution to roaming, 
meaning one that is happily accepted by the end user, exists yet. And 
please don't mention SMTP Auth, it's not perfected yet.

--Mitch
NetSide