9fans - fans of the OS Plan 9 from Bell Labs
* [9fans] forget authing the senders
@ 2003-09-28 18:01 boyd
  2003-09-28 18:35 ` Lucio De Re
  0 siblings, 1 reply; 6+ messages in thread
From: boyd @ 2003-09-28 18:01 UTC (permalink / raw)
  To: 9fans

why not just use a lamport hash and auth the smtp servers?

it'd slow 'em down and you could do it during the 'greeting' phase.

whether you accept or deny is up to you, but if you accept you could tag the
message with:

   X-did-the-wrong-thing: ip

and filter those.

back-pressure will kill 'em eventually, which was my initial response
when faced with 'you must send iso-latin-1 across a 7 bit channel'
(IMP's were the cause of the right?).

no new rfc's, no new technology (not much) and the only problem (iirc)
is communicating the shared secret.
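
[Added example, not part of boyd's message or any 9fans code: a Lamport hash chain check as a receiving SMTP server might run it during the greeting, tagging the message instead of rejecting it on failure. The class names, SHA-256, the sample addresses and the out-of-band enrollment step are assumptions; the thread defines no wire format.]

```python
import hashlib
import hmac

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def chain(secret: bytes, n: int) -> bytes:
    """Apply H to the secret n times: H^n(secret)."""
    value = secret
    for _ in range(n):
        value = H(value)
    return value

class Sender:
    """Connecting SMTP server: holds the secret, reveals H^(n-1), H^(n-2), ..."""
    def __init__(self, secret: bytes, n: int):
        self.secret, self.remaining = secret, n

    def next_response(self) -> bytes:
        if self.remaining <= 1:  # stop at H^1 so the secret itself is never sent
            raise RuntimeError("chain exhausted; enroll a new secret")
        self.remaining -= 1
        return chain(self.secret, self.remaining)

class Receiver:
    """Receiving SMTP server: keeps only the last verified value per peer IP."""
    def __init__(self):
        self.last = {}  # dotted-quad peer address -> last verified chain value

    def enroll(self, ip: str, top: bytes) -> None:
        self.last[ip] = top  # H^n(secret), assumed to arrive out of band

    def greet(self, ip: str, response: bytes) -> list:
        """Return the header lines to add to mail accepted from this peer."""
        expected = self.last.get(ip)
        if expected is not None and hmac.compare_digest(H(response), expected):
            self.last[ip] = response  # advance: a replayed value stops verifying
            return []
        return ["X-did-the-wrong-thing: " + ip]

def demo() -> list:
    secret, n, ip = b"constructed secret", 3, "192.0.2.25"  # constructed values
    sender, receiver = Sender(secret, n), Receiver()
    receiver.enroll(ip, chain(secret, n))
    first = sender.next_response()
    return [
        receiver.greet(ip, first),                    # valid response
        receiver.greet(ip, first),                    # replay of the same value
        receiver.greet(ip, sender.next_response()),   # next value in the chain
        receiver.greet("198.51.100.7", b"no state"),  # peer never enrolled
    ]
```

The receiver never holds the secret, only the most recent chain value, so a copy of its state does not let anyone answer the next greeting.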



* Re: [9fans] forget authing the senders
  2003-09-28 18:01 [9fans] forget authing the senders boyd
@ 2003-09-28 18:35 ` Lucio De Re
  2003-09-28 18:51   ` boyd
  2003-09-28 19:08   ` boyd
  0 siblings, 2 replies; 6+ messages in thread
From: Lucio De Re @ 2003-09-28 18:35 UTC (permalink / raw)
  To: 9fans

On Sun, Sep 28, 2003 at 02:01:47PM -0400, boyd@sdgm.net wrote:
>
> why not just use a lamport hash and auth the smtp servers?
>
We're juggling a bunch of hot potatoes.  Understand that I have
collected:

	total   134     23753   94484

the above number of instances of SMTP connections from hosts with
no reverse lookup (PTR RR) for their IP(v4) address.

The first number is the number of such messages in the last 24
hours, the second is the accumulation of _unique_ addresses, the
third is the total number of messages over a rather long period,
say 600 days.  I don't think it's that long, I'm sure it's less
than a year.

This on a single, fairly busy host.  I must try to remember the
URL that displays this information in some detail...

Anyway, I was all set to reject this traffic on that particular
host, as well as my one largish client's mail server.  It turns
out that the risk of losing mail is greater than the incentive for
the senders to repair their sloppy configuration.  Pragmatically,
I had to buck.

That's reality.  As long as we are prepared to tolerate, aid and
abet poor 'net practices, the spammers will be able to exploit the
same attitudes to their ends.  If no one replied to SPAM advertising,
it would die a natural death.  If all relay exchangers were closed,
spamming would be too hard to do.

At the end of the day, I believe that only legislating spam as a
form of criminal activity and being able to identify and prosecute
at least a majority of the perpetrators is going to eliminate the
problem.  It's unlikely, but not impossible and should not be
discarded as an option.

++L

PS: Here's the promised URL:

	http://network.hivemind.net/cgi-bin/spamshow.sh

it delivers quite a large file, so don't expect fast response (I'm
still waiting).  Yes, I see I started collection on February 13th.

I do appreciate that many of the IP addresses may well have been
repaired since they were added to this list.  It's hardly of any more
than curiosity value, but it's given me pause for thought.

And the IP address sort is only feebly numeric.  Enough for a
guideline.



* Re: [9fans] forget authing the senders
  2003-09-28 18:35 ` Lucio De Re
@ 2003-09-28 18:51   ` boyd
  2003-09-29  5:38     ` Lucio De Re
  2003-09-28 19:08   ` boyd
  1 sibling, 1 reply; 6+ messages in thread
From: boyd @ 2003-09-28 18:51 UTC (permalink / raw)
  To: 9fans

you don't need a reverse lookup.  you never use domain name.
getpeername(2) on lunix will hand up the address -- always
use dotted quads.

anyway?  where is your face?



* Re: [9fans] forget authing the senders
  2003-09-28 18:35 ` Lucio De Re
  2003-09-28 18:51   ` boyd
@ 2003-09-28 19:08   ` boyd
  1 sibling, 0 replies; 6+ messages in thread
From: boyd @ 2003-09-28 19:08 UTC (permalink / raw)
  To: 9fans

no

    At the end of the day, I believe that only legislating spam as a
    form of criminal activity and being able to identify and prosecute
    at least a majority of the perpetrators is going to eliminate the
    problem.  It's unlikely, but not impossible and should not be
    discarded as an option.

jurisdiction, proof, varied legal systems -- it will NOT work.

i want my 'final solution' and every spam i get motivates me to take
these T's down -- with a technical solution.



* Re: [9fans] forget authing the senders
  2003-09-28 18:51   ` boyd
@ 2003-09-29  5:38     ` Lucio De Re
  2003-09-29  9:22       ` boyd
  0 siblings, 1 reply; 6+ messages in thread
From: Lucio De Re @ 2003-09-29  5:38 UTC (permalink / raw)
  To: 9fans

On Sun, Sep 28, 2003 at 02:51:46PM -0400, boyd@sdgm.net wrote:
>
> you don't need a reverse lookup.  you never use domain name.
> getpeername(2) on lunix will hand up the address -- always
> use dotted quads.
>
Thing is, I can suppress SPAM to my own workstation, but not to my
client's users, on the off chance that something important arrives
unsolicited.

I can't afford to reply and request confirmation, because then I've
alerted the spammer that my address is in fact valid; something in
the current climate I'd rather avoid (our discussion has omitted
that fact, but I can see why).

I _could_ demand that the DNS for the connecting exchanger be set
up in both directions, preferably matched, as my mail exchanger
can validate such details.  But at the user level this is unacceptable:
too many exchangers are _not_ set up in such a fashion and many of
them are legitimate forwarders.

The same with relays, but more pervasive.  In case you wonder, my
own exchanger (cackle.proxima.alt.za [196.30.44.141]) will reject
mail from exchangers with unresolved IP addresses.  I keep stats
for that as well, but they are not as high, understandably, and
they are not web-accessible.

> anyway?  where is your face?

Rhetorical question?  It's in the Plan 9 distribution.

++L



* Re: [9fans] forget authing the senders
  2003-09-29  5:38     ` Lucio De Re
@ 2003-09-29  9:22       ` boyd
  0 siblings, 0 replies; 6+ messages in thread
From: boyd @ 2003-09-29  9:22 UTC (permalink / raw)
  To: 9fans

build a filtering firewall.


