] The question of whether and how sender identification is
] beneficial to the fight against spam is the subject of a
] paper I presented at the recent Conference on Email and
] Anti-Spam. If that question interests you, you can find
] the paper at the following address.

This paper is in the comments at the bottom of the article.

Sender ID: A Tale of Open Standards and Corporate Greed? - Part I

For a laugh, 'telnet romulus.cometway.com 25' and give it an EHLO

] An engineer working for America Online was arrested
] yesterday and charged with stealing 92 million e-mail
] addresses of AOL customers and selling them to spammers
] that were peddling penis enlargement pills and online
] gambling sites.

Yikes!

AOL Worker Is Accused of Selling 93 Million E-Mail Names

Rattle wrote:
] ] Comcast, the country's largest provider of high-speed
] ] Internet access, has begun blocking a channel frequently
] ] exploited by spammers to send out large volumes of
] ] e-mail, a move that many technologists say was long
] ] overdue and should be matched by other service providers.

] Its email that needs to change, not the Internet. The Internet
] should remain stupid, and treat all ports as equal. It should
] not have ridged rules imposed upon what can flow over it
] because of a problem with an application. Taking away user's
] ability to contact external SMTP server's is a big thing to do
] for a 20% reduction in spam, which the spammers will adapt
] to..

1. I think Comcast said they were going to do it adaptively, based
on the "top 10" hosts each day. There is no reason for a random
user to be sending 10000 messages per day from their cable modem.

Maybe a better policy is "firewall port 25 for people that aren't
well-know/well-behaved mail servers and are sending a suspicious volume of mail."

2. I think its fair to say that the vast majority of spam now
comes from consumer broadband connections, especially bot nets of
compromised windows boxes. This could potentially do more
damage than 20% ... if you could get enough of the big broadband providers onboard

Ultimately, I agree that fixing email is the Right Answer ... but
its a really hard and mostly non-technical problem that will take a long time. These days, I'm thinking the majority of spam abatement will come from a few high-profile prosecutions of spammers and the adoption of some sender-authentication scheme. Installing certs on MXes wouldn't be so bad...

RE: Comcast to Firewall Port 25

] Comcast, the country's largest provider of high-speed
] Internet access, has begun blocking a channel frequently
] exploited by spammers to send out large volumes of
] e-mail, a move that many technologists say was long
] overdue and should be matched by other service providers.

I think maybe the right answer here is to firewall port 25 by
default and turn it back on for people who know what they're doing.

Comcast to Firewall Port 25

]
] The majority of spam %u2013- as much as 80 per cent of
] all unsolicited marketing messages sent -- now emanates
] from residential ISP networks and home user PCs. This is
] due to the proliferation of spam trojans, bits of
] surreptitious malware code embedded in residential
] subscriber PCs by worms and spyware programs.

In case you hadn't heard...

80% of Spam Originating from Home PCs

]
] 24) Again, how will you stop spammers from forging this
] domain?
] Nothing can stop a spammer from forging a .mail
] domain, but the entire TLD DNS system - the thing that
] controls all domains under this TLD - is run by the
] Sponsor Organization. What this means is that a system
] that tests to see if the connecting .mail domain is a
] valid, "no spam" domain, will be able to spot an attempt
] to forge it right at the start of the SMTP transaction.
] Attempts to forge can be rejected on the spot, or passed
] on to further spam-filter checks.

They need to publish a RFC-level document detailing how this
would work. I think they're saying a mail from amazon.com
would have an envelope sender of mx23.amazon.com.mail. The
receiving MTA can then check that the connecting host really
is mx23.amazon.com and if so, let the mail through.

Spamhaus .mail TLD - Frequently Asked Questions (FAQ)

] The weapon in question is called "dot-mail," a proposed
] new Internet domain like dot-com or dot-org. If approved
] by the Internet's addressing authority, direct mailers
] and other companies could use it to send their e-mails
] straight to users' in-boxes without fear that they will
] be quarantined or discarded by software filters that
] confuse those e-mails with spam.

This is the first I've heard of this ... and its a totally
assinine idea!

U: Maybe not quite as assinine as I originally thought...
see the FAQ.

Dot-Mail Domain Proposed as Spam Solution (TechNews.com)

] SiLK, the System for Internet-Level Knowledge, is a
] collection of netflow tools developed by the CERT/AC to
] facilitate security analysis in large networks. SiLK
] consists of a suite of tools which collect and examine
] netflow data, allowing analysts to rapidly query large
] sets of data. SiLK was explicitly designed with a
] tradeoff in mind: while traffic summaries do not provide
] packet-by-packet (in particular, payload) information,
] they are also considerably more compact and consequently
] can be used to acquire a wider view of network traffic
] problems.

I'm being recruited to work on this project.

SiLK: System for Internet-Level Knowledge

] Microsoft Corp. is preparing a major PR assault over
] Windows' perceived security failings in which it will
] criticize Linux for taking too long to fix bugs, we have
] learned.
]
] In a sign that the inroads made by the Open Source
] community are starting to rattle the software giant,
] Microsoft has hired several analysts to review how fast
] holes are patched in the open source software and is
] expected to announce that Windows compares favorably.

Is anyone really going to believe this?

InfoWorld: Microsoft prepares security assault on Linux: November 11, 2003: By Kieren McCarthy, Techworld.com: Security