
From: Marc Perkel <marc <at> perkel.com>
Subject: Breaking up the Bot army - we need a plan
Newsgroups: gmane.mail.spam.spamassassin.general
Date: Monday 11th December 2006 14:48:44 UTC (over 11 years ago)
As spam keeps increasing in volume and complexity we will eventually 
lose the war on spam if we don't change the standards. I'd like to open 
a discussion about what needs to be done and how to go about doing that. 
So I'll start.

Any changes to the standard need to be evolutionary. If we add a new 
feature to the standard that is so compelling that people give up the 
old standard and it is phased out.

First - I see bot nets as the biggest culprit. Not just as spammers but 
as sources for DDoS attacks. In the early days of email only the 
sharpest people had access to it. Now that consumers are using it they 
need some protection and we need protection from them. How do we isolate 
end users so that they can't get viruses as easily and spread them as 

By default all consumers should be behind a NAT to protect them from the 
outside world. Like many of you, I'm someone who works from home and 
provides some service from home. So I would not want to be prohibited from 
running an email server from home. But if I had to go to a web panel 
that my ISP provided to open up ports that would be fine with me.

All outgoing email from consumers should by default be required to use 
authenticated SMTP or some new authenticated protocol. At least force 
consumers to use the submission port and block off port 25 for outgoing 
SMTP by default. If consumers were forced by default to send mail on a 
different port then servers could determine if they were talking to a 
consumer or if they were talking to another server. And outgoing email 
would require a password to send, so the virus wouldn't know the 
password and the virus wouldn't be able to send email. You could also 
have the operating system register apps that are allowed to send email 
and block all apps that aren't specifically allowed.

The idea here is that if you can reduce the mechanisms that allow 
viruses to spread then there comes a point where viruses go away. All we 
have to do is get the spreading down to that threshold.

I believe that if we do it right that the bot army threat can be beaten. 
And if we got to that point the rest would be manageable.

We can talk about other things but I'll stop here to focus on the bot army.
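
The egress policy proposed in this message (port 25 closed by default for consumers, opt-in for home mail servers, authenticated submission on port 587), modelled as an added example that is not part of the original post. The address pool, the opt-in list, the flow records and the `authenticated` flag (which in practice the submission server enforces, not the firewall) are constructed assumptions, and counting denied port-25 attempts to spot likely infected hosts goes one step beyond what the post describes.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumptions for illustration: the ISP's consumer address pool and the set of
# subscribers who opted in to running a mail server via the ISP's web panel.
CONSUMER_POOL = ip_network("100.64.0.0/16")      # constructed
MTA_OPT_IN = {ip_address("100.64.7.20")}         # constructed

SMTP_RELAY, SUBMISSION = 25, 587


def egress_verdict(src, dport, authenticated=False):
    """Return 'allow' or 'deny' for one outbound mail connection."""
    src = ip_address(src)
    if src not in CONSUMER_POOL:
        return "allow"                 # policy only covers consumer lines
    if dport == SMTP_RELAY:
        # Server-to-server SMTP: closed by default, open only on opt-in.
        return "allow" if src in MTA_OPT_IN else "deny"
    if dport == SUBMISSION:
        # Submission requires a password the malware does not hold.
        return "allow" if authenticated else "deny"
    return "allow"                     # non-mail traffic is out of scope


def suspected_bots(flows, threshold=3):
    """Subscribers with at least `threshold` denied port-25 attempts."""
    denied = Counter(
        src for src, dport, auth in flows
        if dport == SMTP_RELAY and egress_verdict(src, dport, auth) == "deny"
    )
    return sorted(src for src, n in denied.items() if n >= threshold)


# Constructed flow records: (source IP, destination port, SMTP AUTH succeeded)
SAMPLE_FLOWS = [
    ("100.64.1.5", 587, True),     # normal mail client
    ("100.64.7.20", 25, False),    # opted-in home mail server
    ("100.64.9.9", 25, False),     # repeated direct-to-MX attempts
    ("100.64.9.9", 25, False),
    ("100.64.9.9", 25, False),
    ("100.64.9.9", 587, False),    # submission without credentials
    ("198.51.100.4", 25, False),   # not a consumer address
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, egress_verdict(*flow))
    print("suspected bots:", suspected_bots(SAMPLE_FLOWS))
```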