This would work perfectly in a world of static IPv6 networks. Unfortunately, while we are all stuck using Dynamic IP pools, especially on dialup, when customers disconnect every 3 or 4 minutes, and IP addresses are re-assigned constantly, this (like almost all the previous suggestions) just isn't really feasible - especially from a helpdesk point of view. Sure, there are ways for it to be done, but with a large amount of hassle. Similar to the caching issue, the money burnt paying staff to maintain/troubleshoot these extra setups would quite possibly mean that little benefit would arise from it, apart from the CEO having to delete one less message per day. This also doesn't do anything to stop the various forms or Malware which either send email out via outlook* or digs for the info, and then relays to the SMTP server listed in the email config. The fixing really needs to be done at the user end - somehow. Maybe Microsoft will be smart enough to release something to combat this with the first release of Longhorn.. Probably not. It seems like a lot of us are trying to see a positive which doesn't exist, and probably wont for a long time. The music industry has been trying to combat piracy for years with all sorts of extravagant little schemes. "Lets make a CD which only plays in 'dumb' hardware, or hardware which supports proprietary Microsoft codec's! The end user wont mind the inconvenience, surely..) Still, pipe dreams are nice, and we all spend endless hours dreaming and scheming of ways to crush those ignorant little end users with our thumbs - while exploding in fits of evil laughter.. Jeremy. -----Original Message----- From: Richard Hector [mailto:rhector(a)paradise.net.nz] Sent: Thursday, June 10, 2004 9:17 PM To: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Zombies On Thu, Jun 10, 2004 at 03:20:24PM +1200, neil gardner wrote:

OK, serious thought here... Bear with me... I may be a) Describing an existing system or b) way off base.

Transparent SMTP proxy intercepts all messages and maintains a running total of emails sent per source IP. This running total is actually stored as a time distribution (ie. 10 emails in 10 minutes, then none in 10, then 100 in ten etc)

Sounds pretty complicated to me. Why not just tell all your customers you're going to block port 25 except to your mail server, and that it won't affect them unless they're doing something unusual. Those that will be affected will probably know, and they can contact you and ask for an exception. You ask a few basic questions to make sure they have some degree of clue, and open it for them. Those who are doing it and didn't know will hopefully remember that email they got, and contact you afterwards. You'd probably need to send a few emails over the month before you actually cut them off. You could also monitor who's making direct connections before all this and contact them directly, of course. Most importantly, advertise what a good ISP you're being, helping save the world from spam. Just my thoughts. Richard _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

An abrupt flaw with all of these ideas, is the fact that his has to be implimented EVERYWHERE (as I am sure most of you know). In theory, lets say America on a much more vast user base. None of the ISPs will adopt this technique, so now we have thousands of ISPs allowing all this malware smtp traffic. We have all of our users secured so malware has 1% chance of getting through. The flaw is, this lack of co-operation from the Americans result in pretty much only protecting ourselves, from ourselves .: we would still receive pretty much the exact amount of spam/virus traffic as before (minus the occasional hit locally) I would suggest, IMHO, that Microsoft (the source of a majority of the email+virus activity) do some sort of rate limiting on outgoing SMTP traffic on their OS. The thing is, sure spammers will "patch" and "hack" this and get around it, okay spam isn't THAT bad when comparing it against viruses and other malicious content being forwarded to mailboxes. But it would indeed make it harder for a less logical/intelligent virus to come along and spread like it usually does. This is only a thought, I haven't thought into it further then the bottom of the cup of the hot chocolate I had this morning. Here's hoping Microsoft have a noodle soup of code for networking that cannot be patched simply. My 2 cents. - Drew