Yet another address harvesting analysis idea
Supposedly if you put a newly installed, unpatched Windows box on the 'net, with an Outlook address book full of fresh spamtrap addresses, you'll start getting spam to those addresses in something like 3 hours.
And if you buy a recently expired domain name and set up an SMTP server for it, then you will receive incoming email for quite a long period of time. Each one of those messages will have valid From and CC email addresses that you could collect.

In order to truly secure the net against spammers we would need to secure both the email system and the DNS system. I use the word "system" in the context of General Systems Theory, to refer to everything connected with the transport of email across the Internet, including the users, their interfaces, the MUAs, the MTAs and the protocols. Similarly for DNS, I include things like the domain name registries and registrars and their policies. Band-aid fixes only buy time; they don't fix the problem.

--Michael Dillon

P.S. ASRG is a good idea because it is systematically collecting and validating a lot of what we know about spam to make it easier for decision makers to understand the issues. http://www.irtf.org/asrg/
-----BEGIN PGP SIGNED MESSAGE-----

Michael.Dillon@radianz.com wrote:

> In order to truly secure the net against spammers we would need to secure both the email system and the DNS system. I use the word "system" in the context of General Systems Theory, to refer to everything connected with the transport of email across the Internet including the users, their interfaces, the MUAs, the MTAs and the protocols. Similarly for DNS, I include things like the domain name registries and registrars and their policies.
And we would need to protect the edges so that spammers can't just announce some netblock, spam the hell out of you, retract the announcement and be clean like babies (after washing them ;)

For instance, at the moment in IPv6 some entity is announcing 2001:248::/32 from a Japanese ASN, with a sole upstream AS in Hungary. I also saw a deallocated 6bone block being used to try to circumvent a firewall rule: announce the old block and hope the stupid admins didn't remove the old allow rules.

For the above to happen we really need a good filtering system in place allowing the router to decide if an announced prefix is really valid, if it really belongs to the originator and if the originator is allowed to announce it. ORF is a start, but that only works between two boxes and basically tells the peer which prefixes you want to accept; you will still need to configure that on every single router. What we really need is a way of inserting a prefix filter list into BGP, so that when a new allocation comes up it can be added to the list quickly and announced via BGP. Things like trusting the source ASN are then another step.

Unfortunately we cannot control the complete Internet, as there will always be rogue operators, but we can make the best of it and try to exclude those networks from doing harm to the rest of the world. It's all about trust, and sometimes that is a hard thing to find in this world.

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP3f8iymqKFIzPnwjEQKXNgCglwKpTKCvip3oHmzG8zQVJpjGlysAoL+P
8max7MvVTwjBzbHenBXMm3Fl
=umvL
-----END PGP SIGNATURE-----
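The check Jeroen asks the router to make (is the announced prefix inside a known allocation, does that allocation belong to the originating ASN, and is that ASN allowed to announce it at this length), plus the returned-block case, written out as an added example. This code is not from the thread or from either poster; the filter list, the revoked block and the ASNs are constructed from documentation ranges (2001:db8::/32, 192.0.2.0/24, AS64496 to AS64511) and the entry format is an assumption, not any registry's or router vendor's own.

```python
"""Route-origin check against a distributable prefix filter list.

Added example, not code from the thread. It models the decision a router
would make on each announcement against a list it received rather than
one configured by hand: is the prefix inside a known allocation, does that
allocation belong to the originating ASN, and may that ASN announce it at
this length? A separate revocation list covers the returned-block trick
(old allow rules that should have been removed).

All prefixes and ASNs are constructed from documentation ranges
(2001:db8::/32, 192.0.2.0/24, AS64496-AS64511); they are not real routes.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Network, IPv6Network, ip_network
from typing import Dict, Iterable, List, Sequence, Tuple, Union

Net = Union[IPv4Network, IPv6Network]


@dataclass(frozen=True)
class FilterEntry:
    prefix: Net         # allocated block as registered
    origin_asn: int     # ASN authorised to originate it
    max_length: int     # longest more-specific that ASN may announce


def build_filter(rows: Iterable[Tuple[str, int, int]]) -> List[FilterEntry]:
    """Turn (prefix, origin ASN, max length) rows, as they might arrive in a
    distributed filter list, into FilterEntry objects."""
    return [FilterEntry(ip_network(p), asn, ml) for p, asn, ml in rows]


def check_announcement(prefix: str, origin_asn: int,
                       entries: Sequence[FilterEntry],
                       revoked: Sequence[Net]) -> str:
    """Classify one announcement.

    Returns one of "revoked", "unallocated", "invalid_origin",
    "invalid_length" or "valid". Only "valid" should be accepted.
    """
    net = ip_network(prefix)

    def same_family(other: Net) -> bool:
        # subnet_of() raises TypeError on mixed v4/v6, so compare families first.
        return other.version == net.version

    # 1. An explicitly withdrawn block beats any stale allow rule.
    if any(net.subnet_of(r) for r in revoked if same_family(r)):
        return "revoked"
    # 2. Is the prefix inside any registered allocation at all?
    covering = [e for e in entries
                if same_family(e.prefix) and net.subnet_of(e.prefix)]
    if not covering:
        return "unallocated"
    # 3. Does one of those allocations belong to this originator?
    mine = [e for e in covering if e.origin_asn == origin_asn]
    if not mine:
        return "invalid_origin"
    # 4. Is the originator allowed to announce it this specifically?
    if any(net.prefixlen <= e.max_length for e in mine):
        return "valid"
    return "invalid_length"


# Constructed filter list: allocation, authorised origin, max length.
FILTER = build_filter([
    ("2001:db8::/32", 64496, 48),
    ("192.0.2.0/24", 64497, 24),
])
# Constructed revocation: a /48 returned by its holder. Announcements of it
# are dropped even though the covering /32 is still allocated to AS64496.
REVOKED: List[Net] = [ip_network("2001:db8:ffff::/48")]


def filter_table(announcements: Iterable[Tuple[str, int]]) -> Dict[Tuple[str, int], str]:
    """Run every (prefix, origin ASN) pair through the check."""
    return {(p, a): check_announcement(p, a, FILTER, REVOKED)
            for p, a in announcements}


if __name__ == "__main__":
    sample = [
        ("2001:db8:1::/48", 64496),     # legitimate more-specific
        ("2001:db8:1::/64", 64496),     # too long for this origin
        ("2001:db8:1::/48", 64511),     # right block, wrong originator
        ("2001:db8:ffff::/48", 64496),  # returned block, stale allow rule
        ("2001:db9::/32", 64496),       # not in any allocation
        ("192.0.2.0/25", 64497),        # v4 more-specific beyond max length
    ]
    for (p, a), verdict in filter_table(sample).items():
        print(f"{p:22} AS{a}  ->  {verdict}")
```

The policy is deny by default: anything not covered by an entry is "unallocated", and a covering entry with a different origin is rejected rather than accepted on the strength of the prefix alone, which is the "belongs to the originator" half of the check. Because the list is plain data, the same function works whether the entries were typed into one router or received as a feed, which is the difference Jeroen draws between per-box ORF configuration and a list carried in BGP itself.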
participants (2)
- Jeroen Massar
- Michael.Dillon@radianz.com