Slashdot Mirror


US Military Looks For Massive Spam Solution

Several users have pointed out a recent request to technology companies from the Defense Information System Agency for ideas on how to build an e-mail defense system to catch spam. The solution would have to scan about 50 million inbound messages a day across some 700 unclassified network domains. "Defense currently scans e-mails for viruses and spam coming into systems serving the military services, commands or units. DISA wants to extend the protection to the interface between the Internet and its unclassified network, the Non-classified Internet Protocol Router Network. The agency also wants the ability to scan all outbound e-mails from the 5 million users. [...] DISA's request ties in with recommendations that the Defense Science Board issued in April that said Defense is more vulnerable to cyberattacks because of its decentralized networks and systems. The board envisioned a major role for DISA in developing the architecture for enterprise-wide systems."

8 of 228 comments

  1. Why bother with an IT solution? by A beautiful mind · Score: 5, Informative

    Seriously, it's less than two dozen guys pumping out 90% of the spam in the world. I would guess that the law enforcements and militaries of the world should just do their jobs and apprehend these criminals.

    I'd certainly appreciate real action like getting rid of spam than for the CIA/US Military to spend time chasing down far-fetched terrorist plots. I'm constantly stunned that given the damage spam creates, special branches aren't more active in tracking and _eliminating_ the sources of these things.

    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
    1. Re:Why bother with an IT solution? by Anonymous Coward · Score: 2, Informative

      Not quite 90 from 24, but here is one of the better-maintained lists of the heaviest spammers: http://www.spamhaus.org/statistics/spammers.lasso From there, full list of major spammers: http://www.spamhaus.org/rokso/index.lasso

    2. Re:Why bother with an IT solution? by A beautiful mind · Score: 5, Informative

      I was a bit off by saying less than two dozen, but I wasn't off by that much. Spamhaus says 200 heavy-duty spammers are generating 80% of the spam in the world.

      The numbers I had in my mind are an outdated estimate I've heard a couple of years back. It's good to remember to question information and it looks like I forgot about keeping my assumptions up to date...

      --
      It takes a man to suffer ignorance and smile
      Be yourself no matter what they say
  2. Re:Router level solution by Jah-Wren Ryel · Score: 3, Informative

    Because spam doesn't work that way anymore. It comes from botnets where each individual zombie only sends one or fewer messages to the target and need only send out 20 or 30 each day total to still be effective.

    --
    When information is power, privacy is freedom.
  3. Re:Router level solution by epiphani · Score: 4, Informative

    That's because you want a router to do something it doesn't care about. That would require full layer 7 visibility on the router - then it wouldn't be nearly as good at doing what it's supposed to: routing.

    Most routers rarely look above layer 3. Occasionally they'll do some layer 4 stuff, but that is best left to firewalls or load balancers.

    Also, routers aren't programmed to ignore DOS attacks. They're programmed to ignore very specific types of DOS attacks, sometimes.

    --
    .
  4. Re:Bounce confirmation whitelist by Culture20 · Score: 2, Informative

    The only military email system that I've sent mail to used this, and some sort of system similar to /.'s Lameness filter. It took me three emails to get one message to one recipient. Annoying as Hell, and I almost gave up. Did the person you talked to give numbers on how much real messages were reduced?

  5. Re:Bounce confirmation whitelist by RazzleDazzle · Score: 2, Informative

    Oh, so you are now a source of spam and backscatter since every single email address that sends a message to you (forged or otherwise) you reply to it as if it were a legitimate message. Thanks for contributing to the problem and making it more likely I will not ever contact you via email. One of the reasons e-mail became so heavily used and therefore depended upon is the ease of communication. If you require a manual or auto (like yours) moderated permission to communicate I guess I will just have to go to your competitor with whom I more easily communicate.

    --
    ZERO ZERO ONE ZERO ONE ZERO ONE ONE! Just brushing up for my next big invention: Ethernet over Voice (EoV)
  6. Re:Router level solution by dkleinsc · Score: 2, Informative

    As a sibling post pointed out, this checklist is used whenever there's discussion of solutions to the spam problem.

    (X) Mailing lists and other legitimate email uses would be affected

    Legitimate mass mailers would require a registration to be placed on an allow list. Of course, spammers need not apply. Licensing fees could even be charged for this list to pay for the program, but that may not be fair.

    What if I'm a legitimate mass mailer who, say, wants to organize political protests? Who may not want their activities on a government list?

    (X) Willingness of users to install OS patches received by email
    (X) Armies of worm riddled broadband-connected Windows boxes

    Machines that have been zombiefied would be cut off from the web at the router level. They will be allowed back on once their ISP can verify they have been de-zombied.

    How long do you think AT&T and other broadband ISPs would put up with this? All the customer sees is "My Internets is broken. $ISP sucks, I'm switching." Also, if there's a 10000 per host limit (over a particular period), 9999 * 10 million is a pretty significant chunk of spam.

    (X) Infrastructure costs that are involved in deep packet inspection on the core routers
    (X) Privacy concerns in letting ISPs perform deep packet inspection on the core routers

    Why not just use the same setup the previous administration did to monitor phone calls?

    Because it's illegal under wiretapping laws, for starters.

    (X) I don't want the government reading my email

    Since the emails are counted instead of read, there would be no privacy concerns.

    Using the example of a non-profit group, the government now has a count of the size of everyone's email list. Or has a much shorter list of who to look at for who's running the email server of a political group.

    --
    I am officially gone from /. Long live http://www.soylentnews.com/