« Many, Many Things | Home | The Fuzz Congregation… »

Sendmail Vulnerabilities and Spam and Jen's "Booshday"

Tuesday 04 March 2003 at 12:47 am Warning: Geeky Entry.

So I've been reading tons and tons of information about today's sendmail vulnerability and about how spam is trying to be thwarted. Some people think that if spam is being delivered, just make the connection super slow and it will kill the remote server if enough people use the software. I like the idea, but I wonder if it will work. Others have said "whitelist everything" but then you'll just find someone who can write a "whitelist buster" and you have your problem still.

There needs to be some accountability. So what about this: if I want to have a sendmail server, I need to accept mail from other sendmail servers. The only way that I will accept mail is if the remote server can provide me a "key" that I can validate as an "approved" mail server. All I need to do is go to a website, register my contact info, have it verified, find a few nearby (network-wise) mail servers, and request to be a part of their network. Once they approve me, I get a key to put on my server so they can connect. If I have a spam problem, I talk to the 5 or 10 systems admins that I have as "approved" on my list. They in return talk to their connected servers, so on and so forth. Hell, it doesn't even have to be an approved key -- just block everything unless it is from a known/approved IP.

The problem is that you have mail taking 10-30 hops across the Internet, rather than at the least, 1 or 2 hops. Is all that processing power worth the pain? Maybe each hop will hand the sending server a key and another mail server; that mail server will get the last key and check it; if it is approved, it hands over another key and another mail server; the sending mail server will go to THAT mail server to get another key and another mail server until you reach the destination.

It's a lot of work, reducing/stopping spam worth it? Sure, a piece of mail might take 5 times as long to deliver, but with only the key being passed between the 10-30 intermediaries, it would reduce bandwidth, especially since the mail is only transmitted once the sending server finds and is approved by the receiving server.

It's a thought, one that is still in progress. I just figured I write it down so I wouldn't forget.

It's Jen's 29th Birthday today. Happy Birthday, Baby. I love you forever.