Yes smtp is 'just' a transfer protocol but if it provided a subset of authentication methods it would be much better don't you think?
Very good description of the basic problem.
My cr system automatically adds the recipient into the senders contact list. It helps but not when we are blacklisted because the challenge is sent, sometimes hundreds of times, to an account that did not originate the email.
Recently I've developed an ip blocking monitor program that identifies spam ip addresses and blocks them for 24 hours, then greylists and unblocks. It uses a graduated greylist so that when unblocked it blocks again for a longer period when new spam arrives until it leaves the block permanently. This seems to be working but the list of ip addresses for spammers is outrageous and since I do not want real mail to be lost it does allow a limited amount to reach the cr system where additional checking is performed prior to issuing a challenge or allowing the user to receive it. Most users get very few spam email but this method creates a huge load on the server.
Better than nothing but still unacceptable to me.
I want to know why the isp does not make more of an effort to charge excessive use of port 25 traffic to the user. This would generate revenue even if allowances are made for those that are unaware that their computer is compromised (until it is fixed or they get charged for usage).
I am against censorship and a central authority but a judicious use of stoplights and locked doors is not out of line when there are so many unethical people sharing the roads and walking up to my door.
Anyone have any better solution that can be automated and not compromised?
Very good description of the basic problem.
My cr system automatically adds the recipient into the senders contact list. It helps but not when we are blacklisted because the challenge is sent, sometimes hundreds of times, to an account that did not originate the email.
Recently I've developed an ip blocking monitor program that identifies spam ip addresses and blocks them for 24 hours, then greylists and unblocks. It uses a graduated greylist so that when unblocked it blocks again for a longer period when new spam arrives until it leaves the block permanently. This seems to be working but the list of ip addresses for spammers is outrageous and since I do not want real mail to be lost it does allow a limited amount to reach the cr system where additional checking is performed prior to issuing a challenge or allowing the user to receive it. Most users get very few spam email but this method creates a huge load on the server.
Better than nothing but still unacceptable to me.
I want to know why the isp does not make more of an effort to charge excessive use of port 25 traffic to the user. This would generate revenue even if allowances are made for those that are unaware that their computer is compromised (until it is fixed or they get charged for usage).
I am against censorship and a central authority but a judicious use of stoplights and locked doors is not out of line when there are so many unethical people sharing the roads and walking up to my door.
Anyone have any better solution that can be automated and not compromised?
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/infocus/1766/1114#1114