North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Anti-spam System Idea

  • From: Jon R. Kibler
  • Date: Sun Feb 15 20:41:57 2004

[email protected] wrote:
> On Sun, 15 Feb 2004 [email protected] wrote:
> > If we block outbound port 25 SYN packets from origin addresses in the DHCP
> > address blocks, we solve the problem for everybody.

EXACTLY correct!

> just speed up the migration (which has already begun) to spam
> proxies that use the local ISP's mail servers as smart hosts.  Then you
> have to come up with a way to rate-limit customer outbound SMTP traffic.

I agree that proxies that use the local ISP's mail servers as smart hosts is
a growing problem. However, it is a problem that is far more manageable than
is our current situation.

First, if spam is forced through a centralized set of outgoing servers, and
these servers do adequate logging, then a compromised system can be detected
in a matter of minutes and blocked.

Next, requiring users to use SMTP AUTH to authenticate to the mail server,
even when on the ISP's network, would throw another hurdle into the spammer's
ability to access the ISP's mail server, and thus block the ability of 
spamware to route mail in this manner.

Ultimately, if all local networks, including ISP customers, would require that
MUAs submit mail through MSAs (instead of through MTAs), and require that the 
MUAs use StartTLS to connect to the MSA, it would become very difficult for
spammers to hijack an ISP's MTA. (Yes, this means that ISPs will have to run
their own PKI, but I can easily see the day where this will be SOP.)

Bottom line... I believe that it such easier to control spammer traffic routed
through central mail servers, than it is to control spammers using thousands of
hijacked systems that have their own SMTP engines dumping mail onto the net.

Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214

Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.