From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On
Behalf Of Michael.Dillon@radianz.com
Sent: Wednesday, April 14, 2004 5:18 AM
To: nanog@merit.edu
Subject: Re: Lazy network operators
[...]
> A tier 1 provider in the SMTP mesh does not have to
> be the same thing as a tier 1 provider in the
> physical mesh. See the structure of the NNTP mesh
> over the years for examples. I fully expect to see
> specialized email peering providers arise who will
> have SMTP peering arrangements with the large email
> sites like AOL, Yahoo, Hotmail etc. and who then arrange
> peering with large numbers of smaller sites who either
> cannot find SMTP peering locally or who want to
> be assured of alternate SMTP routes in the event
> their main peer cannot reach all destinations.
Michael, I picked your message simply as a representative of this
viewpoint. But can you or someone who shares this idea please explain
to me how this model accounts for compromised hosts sending their spam
through the default MTA or using the default MTA settings on the host?
After all of this trouble to get such a system in place, it's going to
take the spammers 1/100th of the effort the operation community has put
in to thwart the system.
But maybe I'm wrong. I'd love to be wrong on this one.
Daryl G. Jurbala
BMPC Network Operations
Tel (NY): +1 917 477 0468 x235
Tel (MI): +1 616 608 0004 x235
Tel (UK): +44 208 792 6813 x235
Fax: +1 215 862 9880
INOC-DBA: 26412*DGJ
PGP Key: http://www.introspect.net/pgp
> I fully expect to see
> specialized email peering providers arise who will
> have SMTP peering arrangements with the large email
> sites like AOL, Yahoo, Hotmail etc. and who then arrange
> peering with large numbers of smaller sites who either
> cannot find SMTP peering locally or who want to
> be assured of alternate SMTP routes in the event
> their main peer cannot reach all destinations.
> But can you or someone who shares this idea please explain
> to me how this model accounts for compromised hosts sending their spam
> through the default MTA or using the default MTA settings on the host?
In some cases, the user's ISP will block port 25
thus blocking this email.

In some cases, the user's ISP will do nothing but
the recipient ISP will not recognize the sender as
an SMTP peer and will deny port 25 connections.

In some cases, the user's ISP will use authenticated
port 587 local mail relay as the only possible outbound
route and this SPAM will enter the mail system at
that point. Then the ISP may implement rate limiting
to prevent more than 10 messages a day outbound or
the ISP may have SPAM detection on their relay or
the ISP may do nothing. If the ISP has SPAM detection
on the relay they can do additional things such as portscan
the user and/or shut down all IP connectivity because they
have a contractual relationship. If the ISP does nothing
then their peers or the recipient ISP can track the email
back through the peer-to-peer path and contact the sender's
ISP to resolve the issue. So, to summarize, the local ISP
has more tools to use in detecting and stopping compromised
hosts and everyone else has a reasonable certainty of the
origin of the email which they can use to get satisfaction.
> After all of this trouble to get such a system in place, it's going to
> take the spammers 1/100th of the effort the operation community has put
> in to thwart the system.
I think you are wrong on this one. I don't doubt that spammers
will attempt to subvert the new architecture and I don't
doubt that technical exploits will be found. But I am confident
that the costs to the spammer will rise and the volume of
spam delivered will decrease. In combination this will mean
that spam is no longer a viable business model even for the
criminal gangs that are currently using it. Once word gets
around, they will stop trying.

Like Alex Bligh said, fixing the email architecture involves
a number of interrelated actions. No single action by itself
is a magic bullet but by integrating several of them we can
build a more robust framework. And I don't like to think of this
as "stopping spam". It's really about fixing the Internet's email
architecture so we don't have to go back to postal mail and
faxes. I want the glory days of 1994 back again when 99% of my
incoming email was relevant to me and the spam was humorous stuff
like Rev. Kris Korda and the Church of Euthanasia.
Michael Dillon