Options
Gates reveals his 'magic solution' to spam
Microsoft chief Bill Gates has pledged he can put the hammer down on the problem of SPAM by 2006.
[blockquote]One of the suggestions on Gates' antispam checklist is setting those sending e-mails a simple brainteaser, or asking their PCs to do an easy computation. If you're sending an odd e-mail or two, the time and difficulty wouldn't pose much of a problem. For machines belching out huge amounts of spam day in and day out, however, the cost and computing power needed to send the e-mails off through the ether would be huge.
[/blockquote]
[link=http://news.com.com/2100-1028_3-5147491.html?tag=nefd_top]The full report[/link]
[blockquote]One of the suggestions on Gates' antispam checklist is setting those sending e-mails a simple brainteaser, or asking their PCs to do an easy computation. If you're sending an odd e-mail or two, the time and difficulty wouldn't pose much of a problem. For machines belching out huge amounts of spam day in and day out, however, the cost and computing power needed to send the e-mails off through the ether would be huge.
[/blockquote]
[link=http://news.com.com/2100-1028_3-5147491.html?tag=nefd_top]The full report[/link]
0
Comments
The make-your-computer-do-some-math plan: great, slow down the sending of e-mails, on both the client and the server side. And anyone who has an e-mail propogating virus is going to have their computer slow down. Now I don't feel sympathy for any one who does not virus scan regularly with daily def updates, but this idea is really going to slow down the e-mail servers just as much as having the spam go through in the first place.
The charge-you-for-refused-e-mails plan: never gonna happen. E-mail sending viruses will inflate bills for unsuspecting users. 12 yr olds will refuse each other's e-mails just to run up the others' bills, and their parents will be forced to pay for it. ISP's will be made to enforce all this, and the only way to force the real spammers to do it will be to subpeona them to court. They are starting to operate in countries without extradition treaties with western nations, so ISP's will never be able to force them anyways.
I don't have the answers, but I know that those are not the right ones...
Dexter...
Essentially, Gate's idea is PART of a sound idea-- SMTP authenticate the sending box before recipt is accepted. If done at the ISP level, for at least a while after this is done, the ISPs could trash oodles of junk-- faster and cheaper than scanning each email for 92,000 viruses.
What Linux dev folks do is this-- each email to a secure email list has to be SHA\2 signed. The signatures are on record on the list servers for such lists. SMTP engines can use SHA\2 and it takes milliseconds to on a fast box to SHA\2 sign a bunch of emails.
ISOs are accompanied by signature files calced before they are put up for download. Individual update files, ditto. That ensures integrity of uploading and downloading.
So, you do a SHA\2 of the IPV6 IP of sender, ask it to send you the same thing from itself in a request from the client using the sending IP in email header. No repsonse, trash email en toto, do not even display the email to user. Then, you make all the boxes do it.
Result, the spoofed email (and viruses are 90% spread by MTAs and\or are spoofed) eliminates 90% of viruses with a less time intensive calc than a virus scan and reduces the volume of things that need to be scanned down to about 30% or less of total traffic.
MyDoom could not have spread if the servers insisted on end sender verification up front before even delivering the email. If user knew how to look at and read headers beofre opening email, or did not use Windows for email, this would be moot for quite a time. BUT, they do not do so, they want the GUI and ease of use and all their computer's time and giving none for things like time-slice consuming AV, Firewall, IDS, and anti-spam software.
So, say Gate's idea is put into effect, not only on end node boxes but also servers?? Servers would carry the brunt of load. End nodes would scan the 10-30% that was left, and 85 percent of active viruses that are now still floating the web would be erased on spoof detection.
Microsoft is already implenting IPV6, and IPV6 uses as part of the address system a dsitinct physical code. Have receiving server at ISP verify the IPV6 and a SHA\2 signature hash, and trash all email without matches to results received-- BOTH, not just one or the other.
Alone, Gate's idea is not whole solution, but with the work Microsoft is now doing with Terdel tunnels and implementing full IPV6 boxes that really send can be isolated down to the virus author's box.
If you have a firewall and implement the SP2 stuff, afterwards look for port outbounds to http://teredo.ipv6.microsoft.com, and incomings in response. Microsoft is testing IPV6 now, tunneled through IPV4 normal linkages. My boxes BOTH have IPV6 PHYSICAL IDs. IPV6 will be in email headers as IPV6 comes online, and spoofed emails will vanish if we authenticate IPV6 plus use SHA\2 signatures on all emails. SHA\2 is greater than a 256 bit checksum, very hard to fake.
Me, I would like to see this, my emails in would be about 70% useful to me and requested to me stuff, or greater.
What Gates said was only part of what is being worked on, that is why it alone seems poor. "THE ANSWER" is a multipart and multiphased response.
If you want more on how spoofing works and ways to despoof and handle spoof proven as intrusion, let me know, I can come up with 40-50 links easily(be warned, this will be heavy reading). rfc822, and server-to-server backward chain auth-and-verify are only part of the answer, we need a network address system that has space such that each end node gets a totally unique address world-wide, and IPV6 has the capabilitiy to do that. Hardware support for it exists on most good NICs these days. Part of MAC is part of IPV6. MAC can be hard-coded into NICs. Spammers do NOT use dialup to send or route email typically, too easily traced.
John.