I keep reading these articles and reports about this botnet and that botnet problem and how many users' PCs are infected. The only thing I don't see is a way to remove these bots! Not everyone knows how to even look at their machines for signs of these bots. Heck, I know most of my guys here don't even know how these bots work. It would be impossible to educate everybody but it's better to try than sitting around blocking this and that and not really solving the issue at hand.

My .02 cents.

-------------------------------------------------
Joel Perez | Network Engineer
305.914.3412 | Ntera
-------------------------------------------------

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Michael.Dillon@radianz.com
Sent: Thursday, February 03, 2005 9:47 AM
To: nanog@merit.edu
Subject: Re: Time to check the rate limits on your mail servers
Do you let your customers send an unlimited number of emails per day? Per hour? Per minute? If so, then why?
Doing that - especially now when this article has hit the popular press and there's going to be lots more people doing the same thing - is going to be equivalent of hanging out a "block my email" sign.
I don't understand your comment. This is an arms race. The spammers and botnet builders are attempting to make their bots use the exact same email transmission channels as your customers' email clients. They are getting better at doing this as time goes on. I think we are at the point where the technical expertise of the botnet builders is greater than the technical expertise of most people working in email operations. We cannot win this battle by continuing to attempt to trump their technical abilities.

However, if we shift the battleground to a location where network operators have the upper hand, we can do better. And that's why I suggest that people should start looking at email volume controls. The vast majority of individual users only send a small number of emails over a given time period whether you measure that time period in minutes, hours or days. SPAM is a form of DDoS against the Internet's email architecture. Rate limiting has proven to be an effective way of mitigating DDoS because it strikes at the very core of the DoS methodology. Why not deploy this strategy against email?

Please note that I am not suggesting that this is a way to "solve" the SPAM problem. First of all, I do not agree that there is a SPAM problem. The fundamental problem is that the Internet email architecture is flawed. SPAM is merely a symptom of those flaws. If we fix the architecture, then nobody will care about SPAM.

As you can see, two separate problems are becoming intertwingled here. In the past we had viruses, DDoS, botnets, SPAM, phishing. But now, all of these things are merging and evolving together.

And secondly, I'm only pointing out that there are reasons for people to start thinking about rate limiting email on their networks. I'm suggesting that people should be asking questions. I don't think it is wise to run out and slap rate limits on mail infrastructure without thinking through the implications.

--Michael Dillon
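
The per-customer volume controls discussed in the quoted message, as an added example that is not part of the thread or anyone's production configuration: a sliding-window counter per customer over minute, hour and day windows, replayed over constructed submission events. The ceilings, the customer names and the `VolumeControl` / `replay` helpers are assumptions made for illustration; the thread gives no numbers.

```python
from collections import defaultdict, deque

# Hypothetical ceilings (window in seconds -> max messages); assumed values.
LIMITS = {60: 20, 3600: 200, 86400: 1000}

class VolumeControl:
    """Sliding-window message counter per customer, one queue per window."""

    def __init__(self, limits=LIMITS):
        self.limits = dict(limits)
        # customer -> window length -> timestamps of accepted messages
        self.seen = defaultdict(lambda: {w: deque() for w in self.limits})

    def allow(self, customer, ts):
        """Return (True, None) to accept, or (False, window) naming the
        first window whose ceiling this message would exceed."""
        windows = self.seen[customer]
        for w, q in windows.items():
            while q and q[0] <= ts - w:   # expire entries older than the window
                q.popleft()
            if len(q) >= self.limits[w]:
                return False, w
        for q in windows.values():        # only accepted mail counts as volume
            q.append(ts)
        return True, None

def replay(events, limits=LIMITS):
    """Run (timestamp, customer) pairs through the control; return per-customer
    {"accepted": n, "deferred": n, "tripped": set of window lengths}."""
    vc = VolumeControl(limits)
    out = defaultdict(lambda: {"accepted": 0, "deferred": 0, "tripped": set()})
    for ts, customer in sorted(events):
        ok, window = vc.allow(customer, ts)
        if ok:
            out[customer]["accepted"] += 1
        else:
            out[customer]["deferred"] += 1
            out[customer]["tripped"].add(window)
    return dict(out)

def sample_events():
    # Constructed input: an ordinary customer sending 12 messages across a day,
    # and an infected host submitting one message every 2 seconds, 400 in all.
    normal = [(i * 7200, "cust-a") for i in range(12)]
    bot = [(1000 + i * 2, "cust-b") for i in range(400)]
    return normal + bot

if __name__ == "__main__":
    for customer, stats in sorted(replay(sample_events()).items()):
        print(customer, stats)
```

On this input the ordinary customer never reaches a ceiling, while the infected host is throttled by the minute window and then stopped by the hour window, which also gives operations a per-customer signal to act on.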