RE: Unplugging spamming PCs
Mail servers should be registered just like domains and shutdown by a registrar if they are misusing their registered services. This really needs to be handled by a multi-lateral legal solution, industry will not fix it alone. LP Best Regards, Larry Larry Pingree Partner Engineering Juniper Networks, Inc. 408-543-2190 "Visionary people, are visionary, partly because of the great many things they never get to see." - Larry Pingree Juniper Networks Logo -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Petri Helenius Sent: Wednesday, June 23, 2004 1:15 PM To: Sam Hayes Merritt, III Cc: nanog@merit.edu Subject: Re: Unplugging spamming PCs Sam Hayes Merritt, III wrote:
Proactive would be blocking port 25 except to comcast.net's mail
servers,
at least on retail users without static IPs, and then opening it up if the customer cannot work around it by using comcast's mail server to send out. Thats what responsible ISPs have done.
No, that would be punishing before the crime happened. Responsible would be to punish swiftly after the fact, but not before. Pete
Larry Pingree <lpingree@juniper.net> wrote:
Mail servers should be registered just like domains and shutdown by a registrar if they are misusing their registered services. This really needs to be handled by a multi-lateral legal solution, industry will not fix it alone.
Yes, that's just what we need. More unworkable legislation that nobody'll bother to enforce in the intended manner anyway. It's not as if many of the things one has to do to spam effectively isn't already good for a few years behind bars, yet I don't exactly see prisons bulging with spammers. Let's suppose mail servers are registered like domains. What mechanism is there going to be in place to shut down the mail server if it starts misbehaving? Sending in the Marines? And again, much of this comes down to enforcement. When was the last time you heard of a spammer's domain being pulled? How about the last time you saw a spammer be even remotely bothered by having their domain pulled? Do you think they'll really care less about losing a mail server when they've got another dozen lined up ready and waiting? -- PGP key ID E85DC776 - finger abuse@mooli.org.uk for full key
And again, much of this comes down to enforcement. When was the last time you heard of a spammer's domain being pulled? How about the last time you saw a spammer be even remotely bothered by having their domain pulled? Do you think they'll really care less about losing a mail server when they've got another dozen lined up ready and waiting?
Well, just a couple of days ago I read about a Russian court in Chelyabinsk that sentenced a spammer to two years in prison. It's the first conviction under a Russian law that forbids the use of malicious software and the court felt that the spamming scripts used by this guy were malicious software. What he did was to send text messages to mobile phone subscribers of a single company by means of a web gateway. I think the main reason he was put on trial was because the mobile operator whose customers were getting the spam and whose gateway was being misused, went to the police and complained. How many ISPs in the USA go to the police and register official complaints about spammers? We have lots of smart people who can track down and identify spammers but it does no good unless the companies who suffer damage register an official police complaint. --Michael Dillon
That sentence is A joke 15000 subscribers affected Court Convicts Obscene Text Messager http://www.reuters.com/newsArticle.jhtml;jsessionid=IPQ4NZVA4P24ACRBAELCFEY?type=technologyNews&storyID=5504916 --- Michael.Dillon@radianz.com wrote:
And again, much of this comes down to enforcement. When was the last time you heard of a spammer's domain being pulled? How about the last time you saw a spammer be even remotely bothered by having their domain pulled? Do you think they'll really care less about losing a mail server when they've got another dozen lined up ready and waiting?
Well, just a couple of days ago I read about a Russian court in Chelyabinsk that sentenced a spammer to two years in prison. It's the first conviction under a Russian law that forbids the use of malicious software and the court felt that the spamming scripts used by this guy were malicious software.
What he did was to send text messages to mobile phone subscribers of a single company by means of a web gateway. I think the main reason he was put on trial was because the mobile operator whose customers were getting the spam and whose gateway was being misused, went to the police and complained. How many ISPs in the USA go to the police and register official complaints about spammers? We have lots of smart people who can track down and identify spammers but it does no good unless the companies who suffer damage register an official police complaint.
--Michael Dillon
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Larry Pingree wrote: | Mail servers should be registered just like domains and shutdown by a | registrar if they are misusing their registered services. This really | needs to be handled by a multi-lateral legal solution, industry will not | fix it alone. Very bad, very unworkable solution. There's just too many mail servers out there (legitimate ones) for this to be even remotely feasible. Systems like SPF are on the right tracks but it's still not a very elegant solution. My vote is still for some kind of public key authentication built around already existing protocols (TLS for example). The free e-mail providers would be number one on my list to implement this! It'd still be a lot of work and require total cooperation from the Internet community, however. Of course, if I knew a total solution that'd please everyone I wouldn't be sitting here writing this. I'd be sitting on my private Island in the South Pacific sipping cocktails :-) Chris - -- Chris Horry KG4TSM "You're original, with your own path zerbey@wibble.co.uk You're original, got your own way" PGP: DSA/2B4C654E -- Leftfield -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFA2uFTnAAeGCtMZU4RAkB0AJ9Hg8Y/zK4KO7kBqqHyYrIMYqXlrACfbwnC owpXEEltr3LD7hdhEcMeitY= =G1Fw -----END PGP SIGNATURE-----
participants (5)
-
abuse@cabal.org.uk -
Chris Horry -
Henry Linneweh -
Larry Pingree -
Michael.Dillon@radianz.com