[Asrg] Multiple Suggestions
"Sauer, Damon" <Damon.Sauer@BellSouth.com> Wed, 05 March 2003 18:09 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA17866 for <asrg-archive@odin.ietf.org>; Wed, 5 Mar 2003 13:09:26 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h25IK3T04061 for asrg-archive@odin.ietf.org; Wed, 5 Mar 2003 13:20:03 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h25IK3O04058 for <asrg-web-archive@optimus.ietf.org>; Wed, 5 Mar 2003 13:20:03 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA17817; Wed, 5 Mar 2003 13:08:53 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h25IGoO03848; Wed, 5 Mar 2003 13:16:50 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h25IEQO03546 for <asrg@optimus.ietf.org>; Wed, 5 Mar 2003 13:14:26 -0500
Received: from aismtp4g.bellsouth.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA17600 for <asrg@ietf.org>; Wed, 5 Mar 2003 13:03:16 -0500 (EST)
Received: from 01AL10015010060.ad.bls.com ([90.152.5.135] [90.152.5.135]) by aismtp4g.bellsouth.com with ESMTP for asrg@ietf.org; Wed, 5 Mar 2003 13:07:07 -0500
Received: by 01al10015010060.ad.bls.com with Internet Mail Service (5.5.2653.19) id <GH3FGCZF>; Wed, 5 Mar 2003 13:05:20 -0500
Message-Id: <4B91B49E5EBCBA448687A033B3C7BC5905F3D53F@bremocag>
From: "Sauer, Damon" <Damon.Sauer@BellSouth.com>
To: "'asrg@ietf.org'" <asrg@ietf.org>
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Subject: [Asrg] Multiple Suggestions
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Wed, 05 Mar 2003 13:05:13 -0500
Hello Colleagues, I truly do not think that there is a "Magic bullet" to kill all spam. However, I think that there are definite things that can be changed and introduced to make spamming a lot harder to accomplish successfully and much easier to identify and control. When spamming becomes "hard work" for the spammer, the cost vs. profit ratio for a spammer gets mighty thin and makes spamming no longer an easy way to earn extra gas money. As someone who has blocked over 1.1 billion spam messages last year at 49.8tb, I have come up with a few things that I would like to see discussed or implemented in some fashion. I call it "Spam herding", the migration of spammers off of legitimate ISP's and networks, to more "rogue" networks and ISP's. Once there, they can be penned, trapped and killed. (skinning is preferred by me) If they don't do it already, legitimate ISP's should close port 25. Route all SMTP traffic through their own servers and staff their abuse departments with enough people empowered to take direct and immediate action in spamming issues and in a timely fashion. ISP's should track credit cards. If an account is disabled for abuse (investigated and found to have merit) this credit card should be flagged by the ISP. All accounts established and/or associated with this card disabled and no further orders from this card should be taken. Charge for overuse of SMTP, over a certain level, for commercial email. Want to send 100,000 commercial emails? Charge a penny a piece over 10,000. This will not hurt list-serves as they are not commercial in nature and John Q. Public wont send 100,000 emails in his life. If you want to send legitimate commercial email, it is a value add service and should be charged for accordingly. A DNS type addition would be very helpful. Spammer connects as [196.68.1.12](example address only) and says "mail from: mom@momandpop.com" Currently doing a reverse lookup or momandpop.com would show receiving SMTP servers but not authorized sending servers. 196.68.1.12 shows up as a valid address but is in no way associated with momandpop.com. Although this domain is valid to the ISP, there is no way currently to specifically validate the true identity of the sender from the "mail from:" address alone. The addition of authorized SMTP servers IPs or IP ranges in the DNS record for momandpop.com (I will call it a PMX record) would allow a reverse look up of the "mail from:" address to the authorized ip or ip range. So a lookup of let say, spammer@yahoo.com, from a connecting host of 195.1.2.3, the reverse lookup of PMX would show that the authorized servers for Yahoo.com are IP range 200.1.1.1 /32. This connection could therefore be rejected as an unauthorized sender. This would require a major change in DNS and an additional RFC, but, there is no way to do what we need to do completely painlessly. A trusted and well respected (FREE) service for warehousing spam and publish spammer hosts and ip's. (Not going to comment on this one at all) Once all this is in place, the spammers will be uprooted and we will be herding them to servers and services that will do their work for them. These servers are rouge and will be killed one by one. Will big (short-sighted) ISP's be hurt? Maybe, but the change is the right thing to do and should be forced via RFC. Regards, Damon Sauer postmaster "If I had a penny for every spam message I ever blocked- I would have ALL the pennies!" ***** "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Multiple Suggestions Sauer, Damon
- Re: [Asrg] Multiple Suggestions Keith Moore
- RE: [Asrg] Multiple Suggestions Sauer, Damon
- Re: [Asrg] Multiple Suggestions Keith Moore
- RE: [Asrg] Multiple Suggestions Sauer, Damon
- Re: [Asrg] Multiple Suggestions Keith Moore