Re: 'Bad Guys are Winning' Despite Fight Against Spam

[Drsolly <drsollyp () drsolly com>]

I don't think Nickl claimed in his email, to know what would stop spam. I 
think he only claimed to know that the suggested method that he was 
commenting on, wouldn't stop it.

One important thing about spam, is that it isn't some natural process like
the rain. I know how to stop rain - you put up a waterproof roof. OK, when
I open the door, a little bit of rain will come in, but I don't mind that.  
Rain isn't the result of Intelligent Design, but spam is, and the
Designers will change their tactics to get round any blocking system that
isn't 100%. If you leave some small gap, then all the spam will be 
designed to exploit that gap. It isn't like rain.

My opinion is that spam is an economic problem. The problem is that 
there's profits to be made by stealing the use of other people's computers 
to send spam. The solution has to be economic, and the one that I favour, 
is one that imposes a monetary cost on the spam sender, and if that's an 
unwitting user, then it's only fair that the cost imposed on other people 
by their lack of security, should also be borne by the unwitting user. Or 
at least, part of the cost.

Other people have their own ideas for dealing with spam.

It might be that there is no solution for entirely dealing with spam, and 
I can think of a possible proof of this. But I don't need a total 
solution, I just need something that throttles it back considerably.



On Sun, 10 Dec 2006, Dennis Henderson wrote:

> On 12/10/06, Nick FitzGerald <nick () virus-l demon co uk> wrote:
> > Dude VanWinkle wrote:
> >
> > > Spammers shouldn't be killed, we should just get rid of botnets, or
> >
> > Like that's going to happen any time this decade...
> >
> > > block port 25 outbound from the consumer ISP's unless the user
> > > requests it.
> >
> > You don't understand spam at all, do you?
> >
> > Think about it -- if botnets are a problem then lack of outgoing port
> > 25 in large ISP's is not a problem for a spammer (you can't possibly
> > think that in general spam _must_ come from outside your network, can
> > you?), and if botnets are a problem then more stringent port 25/SMTP
> > checks in many large ISP's will not make much difference with webmail
> > or other submission methods, and if botnets are a problem then moving
> > to parasitic spam will not be a problem in the unlikely event that all
> > the other real spam-causing problems get fixed...
>
>
> So what do you propose, Mr. Nick, seeing how you seem to know precisely what
> will and wont stop Spam.
>
> The huge majority of Spam that I am involved with comed from residential
> sources. By denying those sources, we've managed to really knock Spam out of
> our enterprise.
>
> I think sending email is a task that should be left to legitimate server
> platforms, not mindless people's PC's.
>
> Some ISP's do block port 25 and we certainly dont see Spam from them.
>
> I'm sure you have the solution.. Lets here it!!
>
> :)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.