2006-06-05
Phishing works for so many reasons; we need to rethink browser and user interface design to provide some real-life security to the average user who doesn't see or understand the security cues.
Sure. Lots of ideas...
2006-06-05
Anonymous (2 replies)
Your First Statement Is Right
2006-06-06
Anonymous (1 replies)
Browsers, phishing, and user interface design
2006-06-06
Anonymous (1 replies)

1. Limit SMTP access on ISPs' outbound network. Home users do not need access to all the world's SMTP servers. They should be forced to use the ISP's mail gateway. This would put a serious dent in the amount of junk/spam/virus/phishing mail that is floating around. Easy to implement. Corporations could be exempt from the rule.
2. Enable authentication on outbound SMTP traffic. ISP home users need a password to pick up their email, why not just use the same for sending? Again, this would make a big dent in junk mail and the like.
3. Start making it a bit more difficult to register new domain names? Why should anyone be able to get a domain name on the hour without any checks being performed on the request, apart from checking if the "client" can pay for the purchase with his/her credit card?
4. One global IP/DNS blacklist system, handled by a group of ISPs or something. Today there are too many that do the same and we never get the complete picture. Duplication, segregation and competing against each other to increase one's earning potential is not going to help the average internet user. Spammers and phishers work together, it's about time we do the same.
5. Anonymity must go. Why should anyone be allowed to do whatever they feel like on the internet, while they can't do that at home out in real life? Keeping things as they are today will only dig the hole deeper and deeper for the Internet. Accountability is the only way this will survive.
Both points 1 and 2 are easy to implement, and most implemented email systems will already be able to support authentication at the SMTP level. This would give extremely good results in a short space of time, provided the ISPs around the globe would open their eyes and realise that they are the biggest part of the problem.
Thomas
Link to this comment: http://www.securityfocus.com/comments/columns/405/33719#33719
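
Points 1 and 2 of the comment above amount to an egress policy an ISP can audit from its own flow logs: home subscribers may reach tcp/25 only on the ISP's mail gateway, while authenticated submission on port 587 stays open. The following is an added example, not part of the original comment; the address ranges, the log format and the function names are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing plan (documentation ranges, constructed for this example).
SUBSCRIBERS = ipaddress.ip_network("198.51.100.0/24")   # home users
EXEMPT = [ipaddress.ip_network("198.51.100.128/28")]    # corporate customers
ISP_RELAYS = {ipaddress.ip_address("192.0.2.25")}       # ISP mail gateway

# Constructed flow records: "timestamp src dst dport"
SAMPLE_FLOWS = """\
2006-06-05T10:00:01 198.51.100.7 192.0.2.25 25
2006-06-05T10:00:02 198.51.100.9 203.0.113.10 25
2006-06-05T10:00:03 198.51.100.9 203.0.113.11 25
2006-06-05T10:00:04 198.51.100.9 203.0.113.10 25
2006-06-05T10:00:05 198.51.100.130 203.0.113.40 25
2006-06-05T10:00:06 198.51.100.12 203.0.113.50 587
2006-06-05T10:00:07 10.1.1.1 203.0.113.60 25
malformed line
"""

def classify(src, dst, dport):
    """Return 'allow' or 'block' for one outbound flow under the policy."""
    # Only direct tcp/25 from home subscribers is in scope.
    if dport != 25 or src not in SUBSCRIBERS:
        return "allow"
    # The ISP gateway and exempt corporate ranges are permitted.
    if dst in ISP_RELAYS or any(src in net for net in EXEMPT):
        return "allow"
    return "block"

def direct_smtp_report(text):
    """Map each violating subscriber to the external SMTP hosts it contacted."""
    hits = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip records that do not match the assumed format
        try:
            src = ipaddress.ip_address(parts[1])
            dst = ipaddress.ip_address(parts[2])
            dport = int(parts[3])
        except ValueError:
            continue
        if classify(src, dst, dport) == "block":
            hits[str(src)].add(str(dst))
    return dict(hits)

if __name__ == "__main__":
    for host, dests in sorted(direct_smtp_report(SAMPLE_FLOWS).items()):
        print(host, "->", len(dests), "external SMTP servers:", sorted(dests))
```

A subscriber that fans out to many distinct external SMTP servers is the pattern the proposed port 25 restriction would cut off at the network edge.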