North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Anti-spam System Idea

  • From: Stephen Sprunk
  • Date: Sun Feb 15 23:22:37 2004

This topic has been consistently ruled off-topic for NANOG by Merit's staff.
Please respect those of us who don't want to hear about spam here.

For those interested, the IRTF's ASRG is actively studying anti-spam
techniques and I'm sure they'd be interested in hearing all of your ideas
(after you verify they haven't been tried before).
http://www.irtf.org/charters/asrg.html

S

Stephen Sprunk        "Stupid people surround themselves with smart
CCIE #3723           people.  Smart people surround themselves with
K5SSS         smart people who disagree with them."  --Aaron Sorkin
----- Original Message ----- 
From: "Tim Thorpe" <tim@cleanyourdirt.com>
To: <nanog@merit.edu>
Sent: Saturday, 14 February, 2004 02:30
Subject: Anti-spam System Idea


>
> I wanted to run this past you to see what you thought of it and get some
> feedback on pro's and cons of this type of system.
>
>  I have been thinking recently about the ever increasing amount of spam
that
> is flooding the internet, clogging mail servers, and in general pissing us
> all off.
>
> I think it time to do something about it. very few systems are effective
at
> blocking spam at the server level, and the ones that exist have a less
then
> stellar reputation and are not very effective on top of that.
>
> 95% of spam comes through relays and its headers are forged tracking an
> E-mail back that you've received is becoming next to impossible, its also
> very time consuming and why waste your time on scumbags?
>
> my idea;
> a DC network that actively scans for active relays and tests them, it
> compiles a list on a daily basis of compromised IP addresses (or even
> addresses that are willingly allowing the relay) making this list freely
> available to ISPs via a secure and tracked site.
>
> to test a relay you actually have to send mail through it, I have a
solution
> for this as well, the clients are set to e-mail a certain address that
> changes daily the E-mails are signed with a crypto key to verify
> authenticity (that way spammers can't abuse the address if it doesn't have
> the key, it get canned)
>
> work with ISP's to correct issues on their network help completely black
> list IP's from their network that are operating as an open relay and
> redirect to a page that alerts them of the compromise and solutions to fix
> the problem. the only way people are going to become aware of security
> issues such as this is if something happens that wakes them up, if they
> can't access a % of the web it would hopefully clue them in.
>
> because these scans only need to take place once per IP per day and over a
> large distribution of computers performing the tests, I don't see network
> load becoming a big issue, no bigger then it currently is.
>
> the only way to fight spammers is to squeeze them out of hiding, and
that's
> what I hope this system would be designed to do.
>
> I do not have the coding knowledge to do this I will need coders, I do
have
> the PR skills to work with ISPs. I am also working with my congresswoman
to
> pave the way for legal clearance for this program.
>
> I would greatly appreciate your input on this and anything I may have
> overlooked. I would also like to know if this would be a DC program you
> would run.
>
> a lot of people argue the practical application of DC. although we know
> differently this project would show them what DC can do for them and wake
> them up to perhaps other DC projects.
>
>