North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Anti-spam System Idea

  • From: Sean Donelan
  • Date: Sun Feb 15 21:31:51 2004

On Sun, 15 Feb 2004, Jon R. Kibler wrote:
> OK, I was sloppy in my wording... I should have said that we block
> published dynamic netblks, including dial, cable, xDSL, and wireless.
> That still catches something less than 5% of spam originating from DHCP
> connections.

Then it sounds like you have an incomplete list of dynamic network blocks.

Why do you think you will be any more successfull convincing more than 5%
of ISPs to block ports, when you haven't been successfull convincing them
to give you more than 5% of their dynamic address ranges?

> Also, most ISPs (at least that serve the SE U.S.) AUP prohibit the
> running of any type of server on a DHCP connection. I know of at least
> one that regularly drop service to any system found running web, mail,
> IRC, proxy, ftp, telnet, or any of a dozen other different servers on
> any DHCP connection.

"Most" ISPs prohibit any type of server on a DHCP connection?

Some cable providers do this due to some limitations in their network
architecture, but I would be surprised if "most" (i.e. more than 50%) ISPs
prohibit servers.  Why do you think DynDNS type services are so popular?
So people can run servers on DHCP addresses.  Peer-to-Peer is a very
popular server used on mostly dynamic addresses.

Do you really want a read-only Internet, where only the Fortune 1000 are
permitted to operate servers and everyone else must be a client?

> > Blocking port 25 blocks the ability of all MTA's to send any type of mail.
> > "Non-legitimate" is a determination best made by the two parties involved
> > in the communication.
> Why should hundreds of thousands of MTAs each have to make the
> determination that a given system wishing to make a connection is
> running spamware on a hacked system when that user's ISP could simply
> block that user and save everyone else the grief?

How should an ISP decide whether or not it is "legitimate" for the user to
run an MTA? If they pay an extra $10 a month, they can legitimately run a
server? Or are you are proposing blocking all access, regardless of its

The fact of the matter is system admins need to protect their own systems
because you never know if the remote system making the connection has been
hacked regardless how the IP address was assigned.  Blocking dynamic IP
addresses doesn't make you safer if you fail to protect your own

> To me, the approach you advocate is something like saying "do away with
> any centralized law enforcement, force everyone to carry guns, and if
> anyone suspects that someone else is committing a crime, they are
> obliged to shoot them." I believe that blocking spam at its source is
> far easier than blocking it at every possible destination. The less
> parties involved in blocking the spam, the higher the probability that
> the spam will be successfully blocked.

In reality there are fewer destinations than sources.

Then let's centralize it completely.  The FCC will license ISPs and
set the regulations they must enforce.  Ma Bell will be reformed as the
single telecommunications provider. Everyone must use the MTA's
operated by Ma Bell.  Will that stop spam?