[svlug] botnets
Joe Buck
Joe.Buck at synopsys.COM
Mon Jan 8 10:09:48 PST 2007

On Sun, Jan 07, 2007 at 09:47:35PM -0800, Chris Miller wrote:
> Ah, blast. My anti-spam idea won't work then.

Machines that are part of a botnet have all the information that they need
to look just like the actual owner of the machine. Most spammers are
sloppy enough to give themselves away, but as soon as any "solution"
is deployed that uses this fact, the spammers simply adjust.

Example: it used to be that ordinary users routed their mail through
their ISP, while spammers and spambots did SMTP connections directly to
their victims, or via open relay sites. So we got black-hole lists and
told everyone they had to route mail through their ISPs or with
authenticated SMTP connections. Now the spambots typically route their
mail through the ISP's SMTP connection just like the machine owner's
regular mail. You can't block this without blocking the user's ability
to send mail.

ISPs could crack down, but if their crackdowns disable mail for any of
their legitimate customers, or if they have to expend support time in
helping all their customers de-spambot themselves, the cost would be
enormous. For now, it seems that it's cheaper for them to do nothing.