[linux-elitists] AOL says goodbye to AT&T/Comcast and residential mail spools

Aaron Sherman ajs@ajs.com
Fri Apr 11 06:36:24 PDT 2003


On Fri, 2003-04-11 at 01:26, Martin Pool wrote:

> lists.samba.org uses the Korea blacklist <http://korea.services.net/>.
> This is about as broad and ugly a solution as you can get.
> Unfortunately, it works: we get hundreds of attempted spams from Korea
> every day, and random audits show that effectively zero are bona fide
> emails.  

The problem with these solutions is that you can almost always replace
the name of the spammer network you're talking about with "Internet" and
the statement still works. Nearly zero of the email on the net is
signal, but we receive the noise because the "nearly zero signal" is so
incredibly useful that we cannot afford to ignore it.

The first time email that you NEEDED to see is bounced, you learn this.

Now that said, I'm all for any blacklist that is well maintained. Check
out:

http://basic.wirehub.nl/spamstats.html

These folks are concerned with BEHAVIOR, not whose CIDR block you're on.
If you spam them, they stop listening to you. If you talk to them about
a problem, they fix it. Personally, my take would be to gather all of
the DNS BLs into one SBLP (Simple BlackList Protocol) and allow anyone
on the net to vote by adding their own. Weighting could be applied to
every vote roughly the same way SpamAssassin does it, by seeing how much
of the valid email and how much of the spam in the world, your votes
would have affected in what ways.

Where SpamAssassin does this on a per-release basis, SBLP could do it in
real-time for the consumption of SMTP servers. You could even reject
connections in full conformance with the SMTP protocol RFC by issuing a
554 that explains what the SBLP result was and how to petition for
special exemption (you just know that politics is going to creep into
the voting, so you have to allow an escape hatch) and then waits for (a)
timeout or (b) a QUIT, while sending command errors for any other
request (that's the RFC's mandate on how you must disconnect a session
that never had a chance to HELO).

I'll start thinking about this, and figure out how the database could
best be distributed without having to be too hierarchical. I have some
ideas that involve using DNS as a source of entropy for a random number
generator that might come into play well here... we shall see.

[comments about your overloaded servers]

First off, I get you here. I was sick of spam too, and it was hurting me
badly (I was missing mail left and right, given that the address
ajs@ajs.com has been plastered all over the Net for almost a decade, and
other addresses that may or may not still forward correctly are on
USENET from even further back).

The solution is fairly simple, though: mailing lists simply cannot
afford to continue as they are. Email works well as a peer-to-peer
system, but as soon as you layer a hub-and-spoke model on top of it, the
economies of scale work against you.

I would require that all mail to a public mailing list be PGP-signed
with a key that's on the public keyservers (for users who wish to have a
non-spam associated identity) OR TLS validated (for mail servers that
wish to assert that their users will not spam the list) OR TLS encrypted
+ SMTP authenticated (the non-distributed option). There's some
complexity there (like chasing the validation chain back in the headers
and establishing a web of trust among them so that forgery is either
impossible or would require subverting a trusted system, which would
then negate its trust quickly).

Bounce messages from the list should indicate a source for information
on service providers who perform the correct authentication steps,
and/or mail clients with trivial pgp-tie-in (e.g. Evolution under Linux
which requires three steps, all trivial, two-command-line on your
average distro which includes gpg with the keyserver stuff built in).
This is no longer rocket-science, and since your ISP can handle it for
you, you don't have to be capable of figuring out encryption tools if
you don't want to or cannot!

Once you have that, you have an identity, and you can change identities
as often as you want to register a key, but establishing trust would
require manual effort (e.g. registering your new key with the list and
sending nothing but non-spam from that point on).

I could whip up such a hack for mailman in a week or two, I would think.
Want it?

> I think we are on a long slow decline of SMTP.  It needs to either be
> replaced or greatly altered at either political or technical levels.
> People are trying out different approaches, none of which is perfect.

I use (and contribute to, where time permits) SpamAssassin. SA is the
only solution I've seen for spam that actually applies classic
techniques of S/N filtering from non-SMTP fields correctly. SA is
currently much faster than it was, and I predict a line-speed embedded
SA within 2 years (I'll start the company if no one else does). I'm
working on converting much of SA's hard work into C back-ends that can
be plugged into Perl for the secure handling of string buffers and
flexibility of VHLL constructs that makes SA so powerful. When that is
done it will already be at least 10 times faster, I predict. Small to
mid-sized ISPs and mailing lists won't even need embedded hardware to
use SA globally.

As for SMTP going away... naw, just more and more of the world is going
to have to get over the fact that we're a noisy lot, and giving us all a
voice means some will scream. If you eliminated all of the Nigerian spam
and Viagra spam, etc., you would quickly find that you weren't paying
attention to the other noise source: people who just want to be heard.
On every technical mailing list I'm on I get

> Some of these approaches are based on requiring people to provide an
> accountable identity so that they can be held responsible for spam.
> Requiring transactions to go through ISP SMTP servers ties down a
> sender as belonging to that ISP, and therefore helps hold ISPs
> responsible for their behaviour.

Yes, yes, yes. But SMTP already does all of that.

We just foolishly don't use it. I TLS all of my outgoing mail, do you (I
do need to get an externally signed key, though. Any of you a valid CA,
since I hate to go give someone like NA money)?

PS: just FYI, if you want a non-login account on my mail server so that
your mail server can authenticate itself, I am happy to set it up, but
you must encrypt for it to work (I don't allow clear-text auth).

That was long, sorry. This is all super-important to me right now, and
I'm probably going to spend the next 6-10 years of my life trying to fix
this before ISPs fragment the Internet so much that we need a new
"network-of-networks" to connect the Internet to itself again :-/
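
The weighted-vote lookup and 554 rejection dialogue proposed in this message, sketched as an added example that is not part of the original post or of any existing SBLP implementation. Voter names, corpus counts, the ham penalty, the threshold and the petition URL are all assumptions; the 503-until-QUIT behaviour follows RFC 2821 section 3.1.

```python
# Added example: weighted blacklist votes feeding an RFC 2821 section 3.1 rejection.
# Voter names, counts, threshold and petition URL are constructed for illustration.

HAM_PENALTY = 5.0   # assumption: blocking wanted mail costs 5x a missed spam
THRESHOLD = 1.0     # assumption: combined weight needed to refuse a connection

def voter_weight(spam_hit, spam_total, ham_hit, ham_total):
    """Weight a voter by what its past votes would have done to a labelled corpus."""
    spam_rate = spam_hit / spam_total
    ham_rate = ham_hit / ham_total
    return max(0.0, spam_rate - HAM_PENALTY * ham_rate)

def score(ip, votes, weights):
    """Sum the weights of every voter currently listing this address."""
    return sum(weights[v] for v, listed in votes.items() if ip in listed)

class RejectedSession:
    """Session refused at connect: 554 greeting, 503 to everything until QUIT."""
    def __init__(self, ip, total, petition_url):
        self.open = True
        self.greeting = (f"554 mail from {ip} refused, SBLP score {total:.2f}; "
                         f"to petition see {petition_url}")

    def reply(self, line):
        parts = line.split()
        verb = parts[0].upper() if parts else ""
        if verb == "QUIT":
            self.open = False          # only now may the server drop the link
            return "221 closing connection"
        return "503 bad sequence of commands"

def on_connect(ip, votes, weights, petition_url="http://sblp.example/petition"):
    """Return a RejectedSession if the address is voted out, else None (accept)."""
    total = score(ip, votes, weights)
    return RejectedSession(ip, total, petition_url) if total >= THRESHOLD else None

# Constructed corpus results per voter: (spam hit, spam seen, ham hit, ham seen).
HISTORY = {"behaviour-bl": (900, 1000, 1, 1000),
           "country-bl": (950, 1000, 150, 1000),
           "dialup-bl": (400, 1000, 20, 1000)}
WEIGHTS = {name: voter_weight(*h) for name, h in HISTORY.items()}
VOTES = {"behaviour-bl": {"192.0.2.10"},
         "country-bl": {"192.0.2.10", "198.51.100.7"},
         "dialup-bl": {"192.0.2.10", "203.0.113.5"}}

if __name__ == "__main__":
    s = on_connect("192.0.2.10", VOTES, WEIGHTS)
    print(s.greeting)
    for cmd in ("EHLO mx.example", "MAIL FROM:<a@b.example>", "QUIT"):
        print(cmd, "->", s.reply(cmd))
```

With these constructed numbers the broad country list catches the most spam but earns the lowest weight, because its false positives on wanted mail are penalised; an address listed only there is still accepted.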
