[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Technical mail setup question

This discussion seems to be getting increasingly off-topic, but here
are my two cents. :-) I'm going to focus on facilitating legal action
against spammers and on spam denial-of-service attacks, neither of
which I recall being discussed.

Brian Cox <coxbrian@pilot.msu.edu> writes:
> And if the ISP gets complaints about said user using their relay
> and nukes their account, how is it any different if the determined
> spammer sets up a new account and uses a relay or sends straight
> from a dynamic IP server?

When a spammer uses a mail relay, it leaves a record in the relay's
log files and allows the ISP (and a spam recipient with a subpoena)
to figure out the spammer's identity, which is necessary to take any
legal action against the spammer.

When spam is sent straight from a server with a dynamic IP address,
the ISP generally will have no record of that mail.  That fact,
combined with the ease of forging mail headers, makes it much easier
for spammers to conceal their identities and thus avoid legal
consequences.  DULs help avoid this problem by allowing denial of mail
directly from dynamic IPs.

Of course, leaving a trail to facilitate possibile legal action is
not a complete deterrent (and, of course, legal action is not always
possible), but it's one more element to help in discouraging email
spam.  It certainly seems to help in keeping down the amount of spam
by fax.

> Still, it does trouble me that the mentality of "lets ban all mail
> from dynamic ISP accounts" argument seems eerily similar to the
> anti-crypto arguments made by certain governments.

DULs are certainly very blunt instruments.  In fact, I have had one of
my company's mail servers listed on DULs because it had a fairly (and
deliberately) anonymous-looking name, even though it has a static IP

Nevertheless, I have considerable sympathy for the plight of ISPs.
This past year, our ISP has sufferred at least two "spam attacks"
that I know about: spammers can send so much mail that it results in
a denial of service, perhaps intentionally so.  To guard against such
attacks, an ISP's mail server needs a way to reject probable spam
quickly and with little CPU usage.  (procmail filters, for example,
are often not effective in such instances because they are too CPU
intensive.)  The same applies for university mail servers or other
permanent mail servers.

DULs and open relay lists can be used as defenses because checking an
IP address or hostname can be done quickly.  Yes, they will reject
some legitimate email.  However, the alternative during a spam attack
is to lose mail service and possibly mail for all of the ISP's
customers (or a department mail server's users), which is surely
worse.  Perhaps someone else can comment on the frequency of such
attacks?  My impression in talking with my ISP is that they are not
that uncommon.

So, in summary, I view DULs and open relay lists as a necessary evil
for many ISPs and or other permanent mail servers.  I don't like them,
but I don't know of better alternatives.  For administrators of
single-user Linux boxes using a dial-up dynamic IP address, I think
it's much harder to justify the use of DULs and open relay lists to
block mail: the risk of attack is smaller and the consequences less
severe, so the risk of losing legitimate email may not be worth it.
However, individual users could use these lists to mark such mail as
probable junk without rejecting it sight unseen (for example, using
the lists with a mail filter to deposit likely spam in a "junk"


Reply to: