Re: Paul's Mailfrom (Was: IETF SMTP Working Group Proposal at
In the fullness of time, the universe itself will die of heat. So what?
How come this makes me want to raise the issue of our immortal souls?
spammers have souls?
So for example saying this or that filter appears to have repelled 1M spam msgs per day doesn't really prove much unless one can say with some (preferably mathematical) confidence that it's actually reduced spam not just caused it to flow around the filter.
Put another way it'd be nice to know that a technical approach was statistically superior to just shutting off SMTP for an hour per day which would also block some amount of spam. Look! Not one single piece of spam from 1AM-2AM (while we had our machinery all turned off.)
i measure success by the fraction:
rejected_spam / total_spam
thus if i can reject 6000/10000 that may not seem better than rejecting 1000/4000 since i ended up dealing with 4000 received spams rather than 3000, but it actually does mean that my situation got better _compared_to_having_done_nothing_.
(those are weekly figures for my own personal server; hotmail sees the same numbers in less than one second, which helps understand the importance of total rational impact rather than simple absolute unrejected volume.)
(once postfix supports dcc i expect to see it change to 8000/10000, btw.)
Maybe there is no technical solution, of any value, possible (at the system / DoS level, not talking about individual approaches like whitelisting.)
I'm quite serious.
i know you are, but i think the better statement would be "there is not going to be a single long term solution, either technical or nontechnical." we're going to see a lot of point solutions, as each participant seeks to shift the costs of handling unwanted e-mail away from themselves.
My point is that I think we really need to start focusing on solutions which aren't primarily or solely technical.
the folks at http://spam.abuse.net/ and http://www.cauce.org/ and even http://www.spamcon.org/ would be alarmed to hear you say that they've been focused on purely technical solutions all these years.
At 9:59 PM +0000 2002/08/27, Paul Vixie wrote:
My point is that I think we really need to start focusing on solutions which aren't primarily or solely technical.
the folks at http://spam.abuse.net/ and http://www.cauce.org/ and even http://www.spamcon.org/ would be alarmed to hear you say that they've been focused on purely technical solutions all these years.
Yup. Ever since these organizations were created, I've been saying that they're focusing on the wrong aspect of the wrong problem. I've known Ray Everett-Church for years, and he and I have had this discussion multiple times before. Sadly, it doesn't seem to have had any impact.
--
Brad Knowles, <brad.knowles@skynet.be>
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
On Tue, 27 Aug 2002, Paul Vixie wrote:
(once postfix supports dcc i expect to see it change to 8000/10000, btw.)
Interesting...I can't find any mention of integrating dcc support into postfix (other than invoking procmail). Do you have any details or is this wishful speculation? That would be quite nice...
Thanks,
Andy
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Andy Dills 301-682-9972
Xecunet, LLC www.xecu.net
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dialup * Webhosting * E-Commerce * High-Speed Access
From: Paul Vixie <paul@vix.com>
i measure success by the fraction:
rejected_spam / total_spam
thus if i can reject 6000/10000 that may not seem better than rejecting 1000/4000 since i ended up dealing with 4000 received spams rather than 3000, but it actually does mean that my situation got better _compared_to_having_done_nothing_.
Fair enough but let me explain why I find this unsatisfying.
It's like I'm living in a neighborhood where the crime rate is rising and rising, and you're "selling" security grates and better locks.
They even seem to keep the crooks out of the bedroom at night for a while anyhow, so that's your measure, often keeps you from being murdered!
The problem is, the crooks are still banging at the doors, trying to crowbar their way in, etc.
Let me give two common spam examples to show this is a very tight analogy:
a) The other day our mail servers were groaning unusually.
What was happening was that someone had firehosed MSN.COM with a spam with a return address forged with our domain.
So even tho we were blocking it, in fact the bounce user didn't exist so we didn't really have to block it, all of MSN's server power being pointed at us trying to return many thousands of bounces as fast as they could was quite painful.
b) A few weeks ago I counted over 200 open relays simultaneously spewing the same spam at us.
The point being they will fill your pipes, cause you to need more servers just to run these various filters, run our people ragged, etc.
So, it's nice that someone is providing security grates and alarm systems etc, but it'd be nice if the crack (spam) houses would just shut down entirely so we could sit on our porches and chit-chat without worrying about the constant drive-by shootings.
If you get my drift.
And that's going to require socio-legal approaches, not ever stronger security grates.
Because sooner or later you can't see out the grated windows any more or get some air through them, and you're afraid to go outside...
--
-Barry Shein
Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
Barry Shein wrote:
Fair enough but let me explain why I find this unsatisfying.
It's like I'm living in a neighborhood where the crime rate is rising and rising, and you're "selling" security grates and better locks.
They even seem to keep the crooks out of the bedroom at night for a while anyhow, so that's your measure, often keeps you from being murdered!
The problem is, the crooks are still banging at the doors, trying to crowbar their way in, etc.
But as long as you live that's better than letting them have their ways now is it. Now stop the anal-ogies and come up with something that will _stop_ the crackdealing. You might notice due to the fact that the internet is an immense thing, spread over many different countries with many different regulations and laws that one certainly can't "break down the crackhouses and stop the drive-by's".
Let me give two common spam examples to show this is a very tight analogy:
a) The other day our mail servers were groaning unusually.
What was happening was that someone had firehosed MSN.COM with a spam with a return address forged with our domain.
So even tho we were blocking it, in fact the bounce user didn't exist so we didn't really have to block it, all of MSN's server power being pointed at us trying to return many thousands of bounces as fast as they could was quite painful.
b) A few weeks ago I counted over 200 open relays simultaneously spewing the same spam at us.
That's what RBLs are for, they close them up, if you had used an RBL your box would simply deny those relays at all, block them IP based and bingo no spewing from them.
The point being they will fill your pipes, cause you to need more servers just to run these various filters, run our people ragged, etc.
If it's war you are talking about, they could also 'simply' ddos your boxes away, with spam or with packets, they don't mind...
So, it's nice that someone is providing security grates and alarm systems etc, but it'd be nice if the crack (spam) houses would just shut down entirely so we could sit on our porches and chit-chat without worrying about the constant drive-by shootings.
One way of doing that is pulling your plug from the internet, there are always going to be people who don't and won't play nice simply because they see some easy bucks or at least even if they think they see them ;) Or they simply won't because they think it's fun to harass others. Kick one down and the next comes up, put a bar in their faces and they will need to do more work to get in, but at least one is not keeping the door open for them putting it in your words: 'killing you in your sleep'.
If you get my drift.
And that's going to require socio-legal approaches, not ever stronger security grates.
Nopes all it takes is making the protocol secure against these fake messages. This takes away the way of even sending you the message at all and stops your bounces ;)
Because sooner or later you can't see out the grated windows any more or get some air through them, and you're afraid to go outside...
Never been in the city (those places where more than 100k people live) now have you ?
Greets, Jeroen
At 11:54 AM +0200 2002/08/29, Jeroen Massar wrote:
But as long as you live that's better than letting them have their ways now is it.
It's still the death of a thousand cuts. Yes, it buys us time, but we have to use that time wisely to get real socio-legal solutions. And we have to get people to agree that the only thing it really does is buy us time, so that we can get real socio-legal solutions faster -- hopefully, in time to save the patient.
Now stop the anal-ogies and come up with something that will _stop_ the crackdealing.
I could say the same to you.
b) A few weeks ago I counted over 200 open relays simultaneously spewing the same spam at us.
That's what RBLs are for, they close them up, if you had used an RBL your box would simply deny those relays at all, block them IP based and bingo no spewing from them.
That's assuming that all those open relays were on one of the blacklists. Even then, they'd still hammer his machines with connections.
Because sooner or later you can't see out the grated windows any more or get some air through them, and you're afraid to go outside...
Never been in the city (those places where more than 100k people live) now have you ?
Yeah, I have. Those people still leave their apartments on occasion.
--
Brad Knowles, <brad.knowles@skynet.be>
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
On August 29, 2002 at 11:54 jeroen@unfix.org (Jeroen Massar) wrote:
Never been in the city (those places where more than 100k people live) now have you ?
Born and raised in NYC, lived the past 25+ years in Boston, spent some time in between living in LA. If there are any other questions I can help you with please, please don't hesitate to ask.
--
-Barry Shein
Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
participants (5)
- Andy Dills
- Barry Shein
- Brad Knowles
- Jeroen Massar
- Paul Vixie