[Mimedefang] FTC asks ISPs to crack down on zombie PCs

James Ebright jebright at esisnet.com
Wed May 25 09:03:31 EDT 2005


On Tue, 24 May 2005 14:17:54 -0700, Matthew.van.Eerde wrote

>     * blocking a common Internet port used for e-mail when possible;
>     * applying rate-limiting controls for e-mail relays;
>     * identifying computers that are sending atypical amounts of e-
>       mail and take steps to determine if the computer is acting as a spam 
>       zombie. When necessary, quarantine the affected computer until the 
>       source of the problem is removed;    
>     * providing plain-language information for customers on how to keep 
>       their home computers secure; and    
>     * providing or pointing their customers to easy-to-use tools to remove 
>       zombie code if their computers become infected. "

Well it is about time, but....

Any ISP worth a damn already does all of the above and more; the issue is
not so much with ISPs but with telcos that have crept into the ISP market
for residential customers (i.e. the MCIs and Sprints [and others]). Focusing
there will deliver the most bang for the FTC's buck, so to speak, as competition
has killed off most of the ISPs that were clueless.

Also note, the FTC has changed the text of the letter a bit, the relevant
points now read:

    *   block port 25 except for the outbound SMTP requirements of
authenticated users of mail servers designed for client traffic. Explore
implementing Authenticated SMTP on port 587 for clients who must operate
outgoing mail servers.
    * apply rate-limiting controls for email relays.
    * identify computers that are sending atypical amounts of email, and take
steps to determine if the computer is acting as a spam zombie. When necessary,
quarantine the affected computer until the source of the problem is removed.
    * give your customers plain-language advice on how to prevent their
computers from being infected by worms, trojans, or other malware that turn
PCs into spam zombies, and provide the appropriate tools and assistance.
    * provide, or point your customers to, easy-to-use tools to remove zombie
code if their computers have been infected, and provide the appropriate
assistance.

But really the first item should be: 

* block outbound port 25 except for designated MTAs. Define a SPF record for
said MTAs. Implement SMTP Auth. 

(sidenote: port 587 is not sufficient for TLS auth, also need 483 thanks to
good ole M$ and outlook)

The other repercussion, probably an unavoidable one in the long term anyway, is
that zombies will now be created that can hijack a user's mail settings and
credentials to then relay mail, which will improve the spam message structure
considerably as well, since many MTAs correct things that ratware normally
foobars and as a result will remove many of the footprints that things like SA look
for.

Just my $0.02,

Jim
--
EsisNet.com Webmail Client
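The third FTC item (identify hosts sending atypical amounts of mail, exempting the designated MTAs) is easy to prototype against border-firewall logs. The script below is an added example written for this archive page; it is not code from the post, from the FTC letter, or from MIMEDefang. The netfilter-style LOG lines are constructed inline, and the designated-MTA addresses, the distinct-destination threshold, the 10-minute window and the function names are all assumptions chosen for illustration.

```python
"""Flag residential hosts opening an atypical number of outbound SMTP
(port 25) connections, and apply the "block 25 except designated MTAs,
submission on 587 is fine" policy the post argues for.

Everything here (addresses, thresholds, log format) is an assumption for
the example; the log lines are constructed, not captured traffic."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed addresses of the ISP's designated outbound MTAs.
DESIGNATED_MTAS = {"192.0.2.25", "192.0.2.26"}

# Assumed policy knobs: a non-MTA host contacting more than this many
# distinct port-25 destinations inside WINDOW is treated as a likely zombie.
# Spam zombies fan out to many MX hosts; a home user talking to one or two
# relays does not.
MAX_DISTINCT_DST = 5
WINDOW = timedelta(minutes=10)

# Fields we need from a netfilter LOG line (syslog timestamp, SRC, DST, DPT).
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?"
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)"
)


def outbound_smtp_policy(src, dpt):
    """Border-firewall decision: 587 (authenticated submission to the MTA)
    is always allowed; 25 only from designated MTAs; other ports are not
    this rule's business."""
    if dpt == 587:
        return "allow"
    if dpt == 25:
        return "allow" if src in DESIGNATED_MTAS else "deny"
    return "n/a"


def parse(line, year=2005):
    """Return (timestamp, src, dst, dport) or None for lines we don't match.
    Syslog timestamps carry no year, so one is supplied."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["dst"], int(m["dpt"])


def find_suspect_hosts(lines, max_distinct=MAX_DISTINCT_DST, window=WINDOW):
    """Return {src: set_of_destinations} for non-MTA hosts that exceed
    max_distinct port-25 destinations within any sliding window."""
    events = [e for e in map(parse, lines) if e and e[3] == 25]
    events.sort()
    by_src = defaultdict(list)
    for ts, src, dst, _ in events:
        if src in DESIGNATED_MTAS:      # designated relays are exempt
            continue
        by_src[src].append((ts, dst))
    suspects = {}
    for src, hits in by_src.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            dsts = {d for _, d in hits[start:end + 1]}
            if len(dsts) > max_distinct:
                suspects[src] = dsts
                break
    return suspects


def _log(ts, src, dst, dpt):
    """Build a constructed netfilter LOG line in the format LOG_RE expects."""
    return (f"{ts} fw1 kernel: [OUTBOUND-SMTP] IN=eth1 OUT=eth0 "
            f"SRC={src} DST={dst} LEN=60 TTL=63 PROTO=TCP SPT=51000 DPT={dpt}")


# Constructed sample: 10.1.2.3 fans out to seven MX hosts in six minutes
# (zombie), 10.1.2.4 behaves normally and also submits via 587, and the
# designated MTA 192.0.2.25 legitimately talks to many destinations.
SAMPLE_LOG = (
    [_log(f"May 25 09:0{i}:00", "10.1.2.3", f"198.51.100.{i}", 25) for i in range(7)]
    + [_log("May 25 09:03:10", "10.1.2.4", "198.51.100.50", 25),
       _log("May 25 09:04:10", "10.1.2.4", "198.51.100.51", 25),
       _log("May 25 09:05:10", "10.1.2.4", "192.0.2.25", 587)]
    + [_log(f"May 25 09:0{i}:30", "192.0.2.25", f"203.0.113.{i}", 25) for i in range(8)]
)

if __name__ == "__main__":
    for host, dsts in find_suspect_hosts(SAMPLE_LOG).items():
        print(f"suspect zombie {host}: {len(dsts)} distinct MX hosts in {WINDOW}")
```

Run as-is it reports only 10.1.2.3. The threshold is on distinct destinations rather than raw connection count on purpose: a single home MTA retrying one stuck delivery generates many connections to one host, while ratware walks a list of recipient domains. In practice the flagged host goes into the quarantine VLAN the FTC letter describes, and the 587 line shows why submission traffic must be excluded from the count.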