[Asrg] Spam profitability analysis and countermeasures
Douglas Otis
dotis at mail-abuse.org
Wed Apr 25 17:06:06 EDT 2007
On Apr 25, 2007, at 12:49 PM, sam bledsoe wrote:
> On Wed, 25 Apr 2007, Douglas Otis wrote:
>> Latency in any counter-measure makes reacting to individual events
>> futile. As such, counter-measures must be broad and lasting. A
>> fly's perceptions and reactions are much faster, making them
>> difficult to swat. With their low persistence, by the time a
>> swatter can even be raised, they have already taken light.
>> Warnings only work accompanied with negative ramifications. A "No
>> Solicitation" announcement can be made with rfc3865. IP addresses
>> might be exploited, so a safe identity for which to apply long
>> lasting ramifications would be the ASN at the very moment of the
>> offense.
>>
>> This indicates which ASNs monitor their outbound traffic, check
>> SMTP error rates generated by outbound clients, disable port 25
>> for residential access points, and respond to complaints of
>> abuse. Alas, industry attempts to punish or restrict individual
>> users, where various providers continue to profit from revenues
>> generated by abuse and abuse counter-measures. Holding the ASN
>> accountable is the _only_ practical means to affect the profit
>> motive driving abuse. Many of the schemes that attempt to
>> identify individuals actually enable devastating DDoS exploits.
>
> Sorry Doug, while I can parse what you say I cannot understand your
> point.

For example, don't expect a peer-to-peer version of the blue-frog
approach to be either effective or safe.

1) The modus operandi is changing in response to ongoing "take downs".
2) Anyone can be a member of a peer-to-peer network.

So disabuse any expectation of a) confidentiality, b) information
reliability as it may be corrupted, or c) effectiveness as
information will be stale. These weaknesses mean the scheme will be
highly dangerous. Fines imposed upon ASN owners who permit abuse to
continue would be more effective and safer. AUPs will become more
restrictive, and a response to abuse more immediate, when ignoring
abuse directly affects the bottom line. Tossing out abusive high
bandwidth customers or adding expensive router provisions becomes more
easily justified.

-Doug