[Spambayes] RE: Yahoo's "domain keys" and spam

Coe, Bob rcoe at CambridgeMA.GOV
Mon Dec 15 12:44:00 EST 2003


Maybe I'm missing your point, but how would an ISP that uses dynamically assigned IP addresses (which is pretty much all of them, AFAIK) recognize compromised PCs?

Bob

MIS Department, City of Cambridge
831 Massachusetts Ave, Cambridge MA 02139  ·  617-349-4217  ·  fax 617-349-6165


> -----Original Message-----
> From: Ryan Malayter [mailto:rmalayter at bai.org]
> Sent: Monday, December 15, 2003 11:31 AM
> To: spambayes at Python.org
> Subject: RE: [Spambayes] RE: Yahoo's "domain keys" and spam
> 
> 
> [Atom Smasher]
> > i haven't found many technical reports on yahoo's plan, but i 
> > suspect that some of the failures in it are:
> > 
> >   1) a paying (or theiving!) customer of XYZ-ISP sends spam, 
> > and it's "authenticated". this can happen either through a 
> > virus or a "make money at home with your computer!" scheme.
> > ...
> 
> 1) This a problem, I agree. It might take some smarts on the part of the
> virus/worm to figure out the victim's ISP and SMTP addresses, but it
> could certainly be done. 
> 
> This is something that ISPs should be responsible for preventing. ISPs
> should already use snort or some other IDS to discover compromised PCs -
> and then block those machines. Many already do, and it isn't a
> ridiculous cost burden to place on ISPs, either.



More information about the Spambayes mailing list