Postfix's Creator Outlines Spam Solution

SATAN writes "Wietse Venema started out as a physicist, but became interested in the security of the programs he wrote to control his physics experiments. He went on to create several well-known network and security tools, including the Security Administrator's Tool for Analyzing Networks (SATAN) and The Coroner's Toolkit with Dan Farmer. He is also the creator of the popular MTA Postfix and TCP Wrapper. SecurityFocus chatted up Venema to talk about software security, how to improve the code quality, what solutions we might have to fight spam successfully, the principle of least privilege, and the philosophy behind the design of Postfix. Venema is currently a researcher at IBM's T.J. Watson Research Center."

It's easy

[smartin]

Just get everyone to sign their mail including companies that send you receipts and opted in spam.

I would be happy if I could reject any mail that is not digitally signed and then manage the signed mail by signature.

Re:It's easy

[Xugumad]

As a big fan of signed e-mail, I see something like this:

Anything signed by someone I trust, arrives in my inbox. Anything signed but not by someone I trust, goes into a holding box from which I can fish e-mails I want. Anything not signed, or with a corrupted signature is rejected as unacceptable at the MTA level.

Now, anything arriving in my inbox can only be spam if someone I know has a hacked system, which should be rare AND I can contact them to tell them to fix it, because I know who it is from the signature (unlike e-mail viruses that could be practically anyone I know). This means that I know when I get e-mail in my inbox, it's worth me looking at.

Unexpected e-mails are still an issue, and may get lost, but frankly that happens anyway (I get somewhere over 200 spam per day, only a couple of dozen of which make it through enough filters for me to even glance at the subject line).

Filtering could be multi-stage, too; regular inbox for trusted people, a secondary inbox for people who I have been introduced to (for example, by a mailing list), then signed but unrecognised, and then everything else.

Re:It's easy

[Xugumad]

Maybe not solve, but I imagine most people get the vast majority of their e-mail, and ALL critical e-mail, from people they know in advance. This means that "uncertain" e-mail can be ignored safely for significant lengths of time, confident in the knowledge that if your boss e-mails you, you'll still get notification ASAP.

Make sense?

Re:It's easy

[antifoidulus]

Dude, if we could get everyone to do something then there would be a super easy way to stop SPAM: namely get everyone to stop clicking on stupid shit.

Not only does that action give spammers income, it is the #1 vector for the spread of botnets.....

Re:It's easy

[swillden]

Dude, if we could get everyone to do something then there would be a super easy way to stop SPAM: namely get everyone to stop clicking on stupid shit. Not only does that action give spammers income, it is the #1 vector for the spread of botnets.....

Actually, it doesn't give spammers income. Spammers don't care if you click the links. By the time you're deciding whether or not to click, the spammer has already done his job and made his money.

If you think not clicking links is gonna convince all the get-rich-quick scheming fools to stop paying spammers to send their crap then you sadly underestimate the supply of fools.

Re:It's easy

[nabsltd]

No greylisting implementation that I know of requires the sender to do anything special to "validate" their e-mail. What you are thinking of is a challenge-response system, and those suck because they create blowback spam.

Greylisting works on the principle that most spam comes from systems that don't follow RFC because they do not retry if they receive a temporary error. The MTA with the greylisting implmentation always returns a temporary "4xx" error code for any e-mail with a "new" sender/recipient/source IP triple and stores the information in a database. The greylist server keeps returning a temporary error for anything that matches this tuple for the configured timeout (usually about 5 minutes). After that, it lets the connection through as normal (where other anti-spam measures may be taken).

This stops most bot networks from sending spam. It still works remarkably well, as I only use that and SpamAssassin with a reject score of 10, and I see about 1-2 spam e-mails per week.

Will Not Work

[mfh]

Your post advocates a

(x) technical (x) legislative (x) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

(x) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
(x) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
(x) Microsoft will not put up with it
(x) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

(x) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(x) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
(x) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
(x) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(x) Blacklists suck
(x) Whitelists suck
(x) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
( ) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(x) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

I lost a lot of respect for Wietse Venema

[SuperBanana]

...once I started reading his replies on the postfix-user mailing list. He's extremely blunt. While many are VERY helpful and detailed, a number are a sentence or two long that, paraphrased, consist of "you're an idiot."

However, he's nothing compared to Victor Duchovni (who works for Morgan Stanley, and is a major poster on the postfix-users list). His signature, and I'm not making this up:

--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Yeah, you read that right. 11 lines long...and this asshole thinks he's so fucking important, he lectures you about how to thank him so he can delete your acknowledgment/thank you as quickly as possible. He's often more willing to insult than help, and on numerous occasions, comes to the wrong conclusion. Worse still, he often presents his solution with complete authority and confidence, putting the helpless user on a primrose path.

Re:I lost a lot of respect for Wietse Venema

[Free+the+Cowards]

For some reason many people prefer to have polite, useless help than have someone who directly solves their problem without a bunch of extra words on the side. It boggles the mind, and it's a large part of why I significantly curtailed the time I spend helping people work through their problems. For some reason, a whole lot of people with questions get angry with people who ask things like "what are you actually trying to do here?" or who tell them that their whole approach is wrong, but are perfectly fine with people who go along answering questions politely and wrongly for dozens of messages.

Re:I lost a lot of respect for Wietse Venema

[nyctopterus]

You know, even if you're doing something good, if you do it with ill temper and lack of grace, you're still being an arse.

Re:I lost a lot of respect for Wietse Venema

[mandelbr0t]

Actually, if someone deals with the unwashed masses regularly, it might be a good idea to learn some manners and/or diplomacy. There's no excuse for being an asshole, not even being ridiculously intelligent and having to deal with real idiots. Everyone has stress in their lives, and it's like geniuses can't be bothered to deal with it gracefully. Quietly ignoring the "it works, thanks" e-mail saves just as much time, without alienating the person with his first response.

Not only that.

[khasim]

From TFA:

In my personal opinion, the reliability of email reached its maximum near 1998; it has gone down ever since as the result of increasingly aggressive anti-spam/virus measures. This observation has led me to conclude that the spammers aren't destroying the email infrastructure, it's the well-meaning people with their countermeasures.

I use Exim4 as a pre-processor for a GroupWise system.

This allows me to reject messages during the SMTP connection (no receive and then bounce back) and I have customized the rejection messages to include my phone number. As long as YOUR email admin handles error messages in any sane way, you'll get a phone number to call and talk to the guy who set up the system that rejected your email. I get a call about every other month now.

The real problem is not "aggressive anti-spam/virus measures".

It is that 80%+ of the inbound connections are spam-related. So just about ANY action taken will reduce the amount of spam. But the email admins still need to continually evaluate their processes.

Re:Just use gmail

[theCoder]

The pull model really isn't a good idea, because that is what spammers are already trying to get people to do. They want you to open the email and click the link. A pull model just makes that automatic. Not to mention all the marketing people (pseudo-spammers) that would just love to know which of their recipients actually look at their emails, and how long they look at them, etc. I already get mailings (alumni stuff, etc) that are just links to a web page where I can read the actual letter.

And of course, "just use gmail" isn't really a solution. It only works until someone figures out how to get through gmail's filters, or Google really sells out and starts allowing select "partners" to advertise to members directly. Though there is some irony in the idea that you can avoid email advertising by using a system that has ads in the email viewer. I'm not saying anything bad about Google or gmail, just pointing out the irony :)