Best Practices for e-Mail to Fight Spam and Botnets

Sat Jun 28 06:39:00 -0700 2008

The Messaging Anti-Abuse Working Group has concluded their recommendations to ISPs on dealing with email abuse and botnets. The recommendations include how to best deal with email forwarding and port 25 issues for normal end users.

ed.z.: Above link is press release, both papers are free PDFs off the home page. What say ye, O knowledgeable ones? My whackjob idea from a long time ago was to make it just harder to have an email address, treat it like domains are treated, even with a small fee per registered address. I think one of the problems has been it is just too easy to poof create millions of bogus addresses on demand. But, I don't know either, just thinking of human nature, if your email addy was more precious and you had to pay money for it, it might be treated differently, and would perhaps slow down the insta-email botnet spam that can occur when someone's box gets owned, it just wouldn't be relayed because it would be an illegitimate email because they typically use bogus "from" headers. Nothing that wasn't in the record could be relayed then, and any sudden big surge from a legit email would get noticed and looked at. But...I dunno...you network guys know better, will these new recommendations work, or is it windmill tilting?

Port 25

Sat Jun 28 09:57:40 -0700 2008

Some solutions that I've advocated for years.

1. All ISPs should require their SMTP servers to have SSL/TLS installed and any SMTP connections from customers be thru SSL/TLS (SMTPS, port 465).

2. All Port 25 traffic blocked by default.  Open it only on written request from the client.

3. All SMTP traffic should be blocked by default, except to the ISP's e-mail servers.  Unblock it only on written request from the client.

4. Monitor all Port 25 traffic from the clients who DON'T request the port to be open.  Contact those people to let them know they probably have a virus.

5. Monitor for known-trojan traffic.  That is, activity on the ports used by the Top 10 Trojans as defined by CERT or SANS.  Contact those people to let them know they may have a virus/trojan.

Contact can be thru automated e-mail or any other electronic method the customers agree to.  Cut off people who don't respond.  No service will get their attention and have them call in.

Most people don't run their own e-mail servers.  Those people that do are probably paying more attention and aren't the problem.
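The port 25 monitoring the post proposes (watch outbound SMTP from customers who never asked for the port, and contact them) as an added example, not code from the thread or from MAAWG: a small checker over constructed flow records. The IP addresses, the opt-in list, the ISP mail server address and the fan-out threshold are all assumptions for the example.

```python
# Added example: flag ISP customers that fan out to many external mail servers
# on port 25 without having opted in. All addresses below are constructed
# (documentation ranges), as is the opt-in list and the threshold.
from collections import defaultdict

ISP_MAIL_SERVERS = {"203.0.113.25"}   # assumption: the ISP's own MTA
PORT25_OPTIN = {"192.0.2.20"}         # assumption: customers who requested port 25
FANOUT_THRESHOLD = 5                  # assumption: distinct external MTAs before we worry

# Constructed flow records: (customer_src_ip, dst_ip, dst_port)
FLOWS = (
    # 192.0.2.7 contacts six different external MTAs directly: bot-like pattern
    [("192.0.2.7", f"198.51.100.{i}", 25) for i in range(1, 7)]
    # 192.0.2.8 only talks to the ISP's server (port 25 and SMTPS 465): fine
    + [("192.0.2.8", "203.0.113.25", 25), ("192.0.2.8", "203.0.113.25", 465)]
    # 192.0.2.9 reaches two external MTAs: below threshold, not flagged
    + [("192.0.2.9", "198.51.100.1", 25), ("192.0.2.9", "198.51.100.2", 25)]
    # 192.0.2.20 opted in (runs its own mail server): exempt however many it contacts
    + [("192.0.2.20", f"198.51.100.{i}", 25) for i in range(1, 9)]
    # unrelated web traffic is ignored
    + [("192.0.2.7", "198.51.100.80", 443)]
)


def flag_customers(flows, optin=PORT25_OPTIN, isp_mx=ISP_MAIL_SERVERS,
                   threshold=FANOUT_THRESHOLD):
    """Return {customer_ip: distinct_external_port25_destinations} for customers
    that did not opt in yet reach at least `threshold` external MTAs on port 25.
    Traffic to the ISP's own servers is legitimate submission and is not counted."""
    external_dests = defaultdict(set)
    for src, dst, dport in flows:
        if dport != 25 or dst in isp_mx or src in optin:
            continue
        external_dests[src].add(dst)
    return {src: len(d) for src, d in external_dests.items() if len(d) >= threshold}


def notices(flows):
    """One contact line per flagged customer, in the spirit of the post's step 4."""
    return [f"{ip}: contacted {n} external mail servers on port 25 without opt-in; "
            f"likely infected, notify customer" for ip, n in sorted(flag_customers(flows).items())]


if __name__ == "__main__":
    for line in notices(FLOWS):
        print(line)
```

Customers who run their own mail server stay off the list only because they are on the opt-in set, which is exactly the written-request record the post asks ISPs to keep.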

Best Practices for e-Mail to Fight Spam and Botnets
Sat Jun 28 21:20:54 -0700 2008

make it just harder to have an email address, treat it like domains are treated, even with a small fee per registered address. I think one of the problems has been it is just too easy to poof create millions of bogus addresses on demand.

Worse than useless. Spammers hijack or spoof real email addresses. (Don't you get bounces from spam apparently from you?) And anyone with a domain can create as many ad hoc addresses as they like. Besides, the "From" address is not checked to be real, whatever "real" means. It would just be a way for ISPs to profiteer without making a dent in the problem.

There are lots of legitimate uses for the essentially free email addresses we have now. Some automated services add a code to the address used for a one-off message. I've got dozens of email addresses, I create a different one for every forum, registration, etc., so I can shut them down if they start getting spammed.