Paul's Mailfrom (Was: IETF SMTP Working Group Proposal at

> In the fullness of time, the universe itself will die of heat. So what?

How come this makes me want to raise the issue of our immortal souls?

spammers have souls?

So for example saying this or that filter appears to have repelled 1M
spam msgs per day doesn't really prove much unless one can say with
some (preferably mathematical) confidence that it's actually reduced
spam not just caused it to flow around the filter.

Put another way it'd be nice to know that a technical approach was
statistically superior to just shutting off SMTP for an hour per day
which would also block some amount of spam. Look! Not one single piece
of spam from 1AM-2AM (while we had our machinery all turned off.)

i measure success by the fraction:

  rejected_spam / total_spam

thus if i can reject 6000/10000 that may not seem better than rejecting
1000/4000 since i ended up dealing with 4000 received spams rather than
3000, but it actually does mean that my situation got better
_compared_to_having_done_nothing_.

(those are weekly figures for my own personal server; hotmail sees the
same numbers in less than one second, which helps understand the importance
of total rational impact rather than simple absolute unrejected volume.)

(once postfix supports dcc i expect to see it change to 8000/10000, btw.)

Maybe there is no technical solution, of any value, possible (at the
system / DoS level, not talking about individual approaches like
whitelisting.)

I'm quite serious.

i know you are, but i think the better statement would be "there is not
going to be a single long term solution, either technical or nontechnical."
we're going to see a lot of point solutions, as each participant seeks to
shift the costs of handling unwanted e-mail away from themselves.

My point is that I think we really need to start focusing on solutions
which aren't primarily or solely technical.

the folks at http://spam.abuse.net/ and http://www.cauce.org/ and even
http://www.spamcon.org/ would be alarmed to hear you say that they've
been focused on purely technical solutions all these years.

Yup. Ever since these organizations were created, I've been saying that they're focusing on the wrong aspect of the wrong problem. I've known Ray Everett-Church for years, and he and I have had this discussion multiple times before. Sadly, it doesn't seem to have had any impact.

Interesting...I can't find any mention of integrating dcc support into
postfix (other than invoking procmail). Do you have any details or is this
wishful speculation?

That would be quite nice...

Thanks,
Andy

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Andy Dills 301-682-9972
Xecunet, LLC www.xecu.net
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dialup * Webhosting * E-Commerce * High-Speed Access

i measure success by the fraction:

rejected_spam / total_spam

thus if i can reject 6000/10000 that may not seem better than rejecting
1000/4000 since i ended up dealing with 4000 received spams rather than
3000, but it actually does mean that my situation got better
_compared_to_having_done_nothing_.

Fair enough but let me explain why I find this unsatisfying.

It's like I'm living in a neighborhood where the crime rate is rising
and rising, and you're "selling" security grates and better locks.

They even seem to keep the crooks out of the bedroom at night for a
while anyhow, so that's your measure, often keeps you from being
murdered!

The problem is, the crooks are still banging at the doors, trying to
crowbar their way in, etc.

Let me give two common spam examples to show this is a very tight
analogy:

a) The other day our mail servers were groaning unusually.

What was happening was that someone had firehosed MSN.COM with a spam
with a return address forged with our domain.

So even tho we were blocking it, in fact the bounce user didn't exist
so we didn't really have to block it, all of MSN's server power being
pointed at us trying to return many thousands of bounces as fast as
they could was quite painful.

b) A few weeks ago I counted over 200 open relays simultaneously
spewing the same spam at us.

The point being they will fill your pipes, cause you to need more
servers just to run these various filters, run our people ragged, etc.

So, it's nice that someone is providing security grates and alarm
systems etc, but it'd be nice if the crack (spam) houses would just
shut down entirely so we could sit on our porches and chit-chat
without worrying about the constant drive-by shootings.

If you get my drift.

And that's going to require socio-legal approaches, not ever stronger
security grates.

Because sooner or later you can't see out the grated windows any more
or get some air through them, and you're afraid to go outside...

Barry Shein wrote:

Fair enough but let me explain why I find this unsatisfying.

It's like I'm living in a neighborhood where the crime rate is rising
and rising, and you're "selling" security grates and better locks.

They even seem to keep the crooks out of the bedroom at night for a
while anyhow, so that's your measure, often keeps you from being
murdered!

The problem is, the crooks are still banging at the doors, trying to
crowbar their way in, etc.

But as long as you live that's better than letting them have their ways
now is it.
Now stop the anal-ogies and come up with something that will _stop_ the
crackdealing.
You might notice due to the fact that the internet is an immense thing,
spread over many different countries with many different regulations and
laws that one certainly can't
"break down the crackhouses and stop the drive-by's"

Let me give two common spam examples to show this is a very tight
analogy:

a) The other day our mail servers were groaning unusually.

What was happening was that someone had firehosed MSN.COM with a spam
with a return address forged with our domain.

So even tho we were blocking it, in fact the bounce user didn't exist
so we didn't really have to block it, all of MSN's server power being
pointed at us trying to return many thousands of bounces as fast as
they could was quite painful.

b) A few weeks ago I counted over 200 open relays simultaneously
spewing the same spam at us.

That's where RBL's are for, they close them up, if you had used an RBL
your box would simply deny those relays at all, block them IP based and
bingo no spewing from them.

The point being they will fill your pipes, cause you to need more
servers just to run these various filters, run our people ragged, etc.

If it's war you are talking about, they could also 'simply' ddos your
boxes away, with spam or with packets, they don't mind...

So, it's nice that someone is providing security grates and alarm
systems etc, but it'd be nice if the crack (spam) houses would just
shut down entirely so we could sit on our porches and chit-chat
without worrying about the constant drive-by shootings.

One way of doing that is pulling your plug from the internet, there are
always going to be people who don't and won't play nice simply because
they see some easy bucks or at least even if they think they see them :wink:
Or they simply won't because they think it's fun to harass others.
Kick one down and the next comes up, put a bar in their faces and they
will need to do more work to get in, but at least one is not keeping the
door open for them
putting it in your words: 'killing you in your sleep'.

If you get my drift.

And that's going to require socio-legal approaches, not ever stronger
security grates.

Nopes all it takes is making the protocol secure against these fake
messages.
This takes away the way of even sending you the message at all and stops
your bounces :wink:

Because sooner or later you can't see out the grated windows any more
or get some air through them, and you're afraid to go outside...

Never been in the city (those places where more than 100k people live)
now have you ?

Greets,
Jeroen

But as long as you live that's better than letting them have their ways
now is it.

  It's still the death of a thousand cuts. Yes, it buys us time, but we have to use that time wisely to get real socio-legal solutions. And we have to get people to agree that the only thing it really does is buy us time, so that we can get real socio-legal solutions faster -- hopefully, in time to save the patient.

Now stop the anal-ogies and come up with something that will _stop_ the
crackdealing.

  I could say the same to you.

b) A few weeks ago I counted over 200 open relays simultaneously
spewing the same spam at us.

That's where RBL's are for, they close them up, if you had used an RBL
your box would simply deny those relays at all, block them IP based and
bingo no spewing from them.

  That's assuming that all those open relays were on one of the blacklists. Even then, they'd still hammer his machines with connections.

Because sooner or later you can't see out the grated windows any more
or get some air through them, and you're afraid to go outside...

Never been in the city (those places where more than 100k people live)
now have you ?

  Yeah, I have. Those people still leave their apartments on occasion.

Born and raised in NYC, lived the past 25+ years in Boston, spent some
time in between living in LA.

If there are any other questions I can help you with please, please
don't hesitate to ask.