North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Unbelievable Spam.
>>>>> "Michael" == Michael Dillon <[email protected]> writes: Michael> When will we realize that SPAM is a social problem and it Michael> needs a social solution? When will the major email Michael> providers sit down around a table and agree to some Michael> guidelines for email exchange that make it impossible for Michael> rogue users to inject large volumes of email into the Michael> system? The existing non-hierarchical email exchange First - lots of providers are definitely working together, quite often behind the scenes, without press conferences or even posts on nanog. You do have to consider that almost all of them have their main servers locked down fairly tight, and those that don't do this soon find themselves blocked till such time as they can shape up. However, a lot of the spam is being sent through IPs that should not ordinarily originate mail .. trojaned hosts, open proxy servers etc. So, a lot of providers are becoming more proactive about sweeping their network for trojaned hosts, open proxies etc, and sometimes filtering out known trojan / proxy ports. Another easy thing to do is to split their inbound and outbound mailservers, and ensure that none of their inbound servers (MXs) relays for their customer IP (dialup / dhcp) pool. This is because there are lots of trojans out there that take the domain from the computer's hostname or IP's rDNS, do an MX lookup on the domain and try to pump their payload through the MX, hoping that it will relay for the customer IP. And it is not just the big guys, it is the small guys ranging from mom and pop ISPs to corporate admins who run a single exchange server on a DSL line that need education as well. Regular tutorials on systems security at NANOG and the assorted other meetings that operators and sysadmins frequent is a very good idea indeed. FWIW, I did a tutorial on this at SANOG 3 in Bangalore a while back - found myself having to answer a lot of questions, some which were obviously FAQs. Next - an antispam tutorial and a conference track (featuring Dave Crocker, Meng Wong etc) at APRICOT 2004 in Kuala Lumpur, later this month. Michael> network is not scalable. I hope that everyone on this Michael> list can understand what the email exchange overlay Michael> network is and recognize that it is subject to similar Michael> scaling rules as the underlying IP network. Say what? Agreed, spam is not just a technical problem, it is a social problem. But I do have to ask you the same questions that Vijay Gill asked. Please feel free to mail me offlist or take this thread to spam-l or elsewhere if you feel that this is getting offtopic (though spam, especially the network security / virus related issues about spam, is definitely an operational issue these days). srs -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations