North American Network Operators Group


Re: Unbelievable Spam.

  • From: Suresh Ramasubramanian
  • Date: Wed Feb 04 01:28:08 2004
  • Cancel-lock: sha1:0S5uTtdHjqi2Bza/QP0/4kZpOkw=

>>>>> "Michael" == Michael Dillon <[email protected]> writes:

    Michael> When will we realize that SPAM is a social problem and it
    Michael> needs a social solution? When will the major email
    Michael> providers sit down around a table and agree to some
    Michael> guidelines for email exchange that make it impossible for
    Michael> rogue users to inject large volumes of email into the
    Michael> system? The existing non-hierarchical email exchange

First - lots of providers are definitely working together, quite often
behind the scenes, without press conferences or even posts on nanog.

You do have to consider that almost all of them have their main
servers locked down fairly tight, and those that don't do this soon
find themselves blocked till such time as they can shape up.

However, a lot of the spam is being sent through IPs that should not
ordinarily originate mail .. trojaned hosts, open proxy servers etc.

So, a lot of providers are becoming more proactive about sweeping
their network for trojaned hosts, open proxies etc, and sometimes
filtering out known trojan / proxy ports.

Another easy thing to do is to split their inbound and outbound
mailservers, and ensure that none of their inbound servers (MXs)
relays for their customer IP (dialup / dhcp) pool.  

This is because there are lots of trojans out there that take the
domain from the computer's hostname or IP's rDNS, do an MX lookup on
the domain and try to pump their payload through the MX, hoping that
it will relay for the customer IP.

And it is not just the big guys, it is the small guys ranging from mom
and pop ISPs to corporate admins who run a single Exchange server on a
DSL line that need education as well.  Regular tutorials on systems
security at NANOG and the assorted other meetings that operators and
sysadmins frequent are a very good idea indeed.

FWIW, I did a tutorial on this at SANOG 3 in Bangalore a while back -
found myself having to answer a lot of questions, some of which were
obviously FAQs.  Next - an antispam tutorial and a conference track
(featuring Dave Crocker, Meng Wong etc) at APRICOT 2004 in Kuala
Lumpur, later this month.

    Michael> network is not scalable.  I hope that everyone on this
    Michael> list can understand what the email exchange overlay
    Michael> network is and recognize that it is subject to similar
    Michael> scaling rules as the underlying IP network.

Say what?  Agreed, spam is not just a technical problem, it is a
social problem.  But I do have to ask you the same questions that
Vijay Gill asked.

Please feel free to mail me offlist or take this thread to spam-l or
elsewhere if you feel that this is getting offtopic (though spam,
especially the network security / virus related issues about spam, is
definitely an operational issue these days).


srs (postmaster|suresh) // gpg : EDEDEFB9
manager, security and antispam operations
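
The inbound/outbound split described in the message above can be audited mechanically. The following is an added example, not part of the original post: it assumes the inbound MXs run Postfix and that relay trust is expressed through `mynetworks` in `main.cf`, and it flags any MX whose trusted networks overlap a customer dialup / DHCP pool. Host names, pools and configuration text are constructed samples.

```python
import ipaddress
import re

def parse_mynetworks(main_cf):
    """Literal networks trusted by the last mynetworks setting in a main.cf."""
    logical = []
    for raw in main_cf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                  # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()          # continuation line
        else:
            logical.append(raw.strip())
    nets = []
    for line in logical:
        name, _, value = line.partition("=")
        if name.strip() != "mynetworks":
            continue
        nets = []                                     # a later setting overrides
        for item in re.split(r"[,\s]+", value.strip()):
            # Table lookups (type:table, /file) and !exclusions are not audited.
            if not item or item[0] in "/!" or (":" in item and "[" not in item):
                continue
            literal = item.replace("[", "").replace("]", "")   # [::1]/128 form
            nets.append(ipaddress.ip_network(literal, strict=False))
    return nets

def relay_exposure(mx_configs, customer_pools):
    """Map each inbound MX to (trusted net, customer pool) pairs that overlap."""
    pools = [ipaddress.ip_network(p) for p in customer_pools]
    findings = {}
    for host, main_cf in mx_configs.items():
        hits = [(str(t), str(p)) for t in parse_mynetworks(main_cf) for p in pools
                if t.version == p.version and t.overlaps(p)]
        if hits:
            findings[host] = hits
    return findings

# Constructed sample data: hypothetical hosts, documentation address ranges.
CUSTOMER_POOLS = ["198.51.100.0/24", "203.0.113.0/24"]   # dialup / DHCP pools
SAMPLE_MX = {
    "mx1.example.net": "# inbound MX\nmynetworks = 127.0.0.0/8, 192.0.2.0/28,\n"
                       "    198.51.100.128/25\nmyhostname = mx1.example.net\n",
    "mx2.example.net": "mynetworks = 127.0.0.0/8 [::1]/128 192.0.2.16/28\n",
}

if __name__ == "__main__":
    for host, hits in relay_exposure(SAMPLE_MX, CUSTOMER_POOLS).items():
        for trusted, pool in hits:
            print(f"{host}: relays for {trusted}, inside customer pool {pool}")
```

A clean result only covers literal `mynetworks` entries; table-backed lists and other relay permissions need a separate review.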