North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)
> > with EC2, it's game-over for the IP reputation industry > > Realistically speaking, did you not expect that to be inevitable? i didn't, no. when i unknowingly launched the IP reputation industry back in the mid 1990's, the risk i was managing was a spammer who planned to give away free T1 lines to anyone who would run a spam relay for them. everything in those days was fixed ip on wire lines. when the game changed to open relay and open proxy and then malware-botnets, i saw a great deal of pressure on the model since a given IP address could represent different endpoints at various times of the day, and each endpoint could be cleaned and reinfected many times in a month, but with short TTLs on the DNS RBL, it was still possible to keep the pressure on the infected endpoints and their ISPs, since they bore the greatest cost of their own misbehaviour, and reputation-entropy was a cheap component of the overall error rate. so, no. > As access to the internet increases, the chances of SMTP scaling to prevent > spam decreases. And as IP's become more numerous and 'chuckable' (so much > more so with IPv6 around the corner), the idea of a blacklist becomes ever > more useless. yes, but that was a shallow curve, whereas EC2/GAE/etc is a steep curve. > What we need is a new mail protocol.. [But people have been saying that for > decades now] several excellent, scalable replacements for smtp have been patented. all we have to do is globally agree to enrich those patent holders and our problems will be solved.