[Dshield] Question about spam sent to list address

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Fri Mar 3 19:23:14 GMT 2006


On Fri, 03 Mar 2006 08:36:17 EST, Tom said:
> as bad or worse than spam is today.  What it does tell me is that the 
> IETF needs to get off their tush and instead of trying to patch the 
> mail standards with non-working "protections" like SPF, they need to 
> define a safe and secure replacement that we all can migrate to so 
> that this will be an eventual thing of the past.

The IETF has *tried* to get off its tush.  The problem is that there are
far too many people who say "it should do something" and very few that
actually have a *deployable* suggestion.

The problem with almost all "safe and secure replacements" suggested so far
is that they almost always follow this basic pattern:

1) Some sites deploy XYZ to replace SMTP. They can't turn off SMTP yet, because
98% of their correspondents haven't installed XYZ.  As a result, they see
essentially zero benefit from XYZ, but costs from supporting it - the spammers
keep sending via SMTP, and nobody sends via XYZ.

2) More sites deploy XYZ.  Nobody can turn off SMTP yet, because only 20% of the
sites have deployed XYZ. As a result, very little mail travels via XYZ, and the
software remains non-robust due to lack of testing.  And still nobody is seeing
a *benefit* because of a real reduction in whatever XYZ is supposed to stop.  The
spammers still use SMTP.

3) You never get to the point where 98% of the sites have deployed XYZ and you
can get away with turning off SMTP.

Basic operational reality:

You will never get a replacement protocol to deploy, as long as the early
deployers encounter support and deployment costs, but do not see any actual
*benefit* until the vast majority of sites have deployed it.  Similarly, you
can't deploy a protocol where the people who benefit aren't the people who are
deploying it. This is why BCP38 hasn't deployed further - when a network
deploys BCP38, it rarely sees benefit *itself* - the people who benefit are the
network's neighbors and peers, who see a reduction in spewage.

The only reason SSH has essentially replaced Telnet on the internet is because
early adopters *did* see an immediate benefit - each time you installed another
copy of SSH, that was one more host not sending cleartext.  You don't get any
benefit from using XYZ as long as you still have to accept mail via SMTP as
well, as the spammers and phishers will just stay on SMTP as long as possible.

And "filtering the remaining SMTP traffic" doesn't buy you anything - you can
do that *now* without deploying XYZ.

Feel free to suggest a protocol *and a method of deploying it* that avoids
the bootstrapping costs I've outlined above.