Many people think that there's no way to win the war against the spam bot army. I don't agree. I
think that it is winnable, and that through policy changes by ISPs, virus-infected computers can be
detected and isolated. This is a war we can win without restricting good email or infringing on the
freedom of people to communicate. In this article I will try to outline the problem and simple
changes that can lead to a solution. The more ISPs adopt these ideas, the less spam and viruses we
will all have to deal with.
Contents
■ 1 Defining the Problem
■ 2 Consumers and Experts
■ 3 Problems with the old SMTP model in the Modern World
■ 4 SMTP Isolation
■ 5 Implementing Port Blocking Policies
■ 6 Outgoing Port 25 Blocking through Router Policies
■ 7 Switching on Port 587 for Outgoing Email
■ 8 Consumer port 25 to 587 redirecting
■ 9 Using POP/IMAP for outgoing email
■ 10 Critical Mass for Viruses
■ 11 ISP Responsibility
As time went on more people gained access to the Internet, and instead of users logging into Unix
shell accounts, users had PCs and email clients. Even though servers still stored email in Unix
accounts, the end users never logged into a Unix shell. Instead they downloaded their email using
the POP/IMAP protocols, which gave them email access from their personal computers.
http://wiki.ctyme.com/index.php/How_to_put_an_end_to_Virus_Infected_Spam_Bots 29/10/2010
How to put an end to Virus Infected Spam Bots - Computer Tyme Support Wiki Page 2 of 5
This leads to what I will call two classifications of people, which I will refer to as "consumers" and
"experts". A consumer is a person who just wants to surf the web and get email without having to
understand anything about how things work. These people are generally (for the purpose of this
discussion) technically unsophisticated and are vulnerable to being misled or tricked into allowing
thieves to install viruses on their system.
The trick is to prevent consumers from talking to servers other than the outgoing SMTP server they
are supposed to use. This can be accomplished by using Submission (port 587) instead of SMTP.
Submission can be as simple as SMTP on an alternate port without a password but restricted to the
ISP's customers, or it can be authenticated SMTP open to the world but requiring a user name and
password to access.
SMTP Isolation
My idea is to isolate consumers from talking directly to incoming SMTP servers. Picture this model.
ISPs have two classes of SMTP servers. One server is for receiving email from consumers to relay to
the outside world [outbound server]. The other is to receive email from the outside world to deliver
to the consumer's inbox [inbound server]. Email is sent from the sender to the ISP's outbound server,
which relays the message to the recipient's ISP's inbound server, where it is stored until the recipient
pops it.
ISPs Hardware:
Email Routing
More Details:
Consumer -- Port 587 --> ISPs Outgoing SMTP Server -- port 25 -->
--> recipient ISPs Inbound Server -- Port 110 POP --> recipient
Blocking Model
Virus -- Port 25 --> XXXX ISP Blocked XXXX --> recipient ISPs Inbound Server
In the above model the consumer would have port 25 blocked by default allowing the consumer to
send email only on port 587 to outbound servers and would be blocked from talking to inbound
servers. That way virus infected consumer computers couldn't talk to inbound servers at all and the
spam bot can't send spam. If the ISP required password authentication on outbound email then the
virus wouldn't be able to send on port 587 because the virus wouldn't know the password.
* Outbound servers have port 587 open to the world, accepting authenticated connections only
* Outbound servers accept connections from their own customers on port 25 or 587
* Outbound servers block port 25 connections from the outside world
* Inbound servers accept port 25 connections from the world for the domains they service
* Inbound servers block connections on port 587
The NAT will allow the user to surf the web without the web surfing the consumer. Thus if the
consumer has software vulnerabilities they will still be protected from outside connections to the
consumer's PC. I believe that in today's world NAT protection should be the default. It also will
allow the consumer to connect multiple computers without additional equipment.
Email clients like Outlook and Thunderbird should default to port 587 instead of port 25. We need to
encourage the email client developers to use the submission port instead of the SMTP port.
Consumer --> ISP -- Port 25 to 587 Redirect --> Outbound Server on 587 - Works!
Virus -----> ISP -- Port 25 to 587 Redirect --> Inbound Server on 587 - Blocked!
However, if the consumer has a virus and starts trying to spam inbound servers, then that will also be
redirected to port 587, and the inbound servers will have port 587 blocked or will require
authentication, which the virus doesn't have. This will prevent viruses from talking to inbound servers
while allowing consumers to talk to outbound servers. But the port 587 structure needs to be more
widely adopted first before this is possible.
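To make the rules from "Implementing Port Blocking Policies" and the port 25 to 587 redirecting variant concrete, here is an added policy model (not code from the Computer Tyme wiki) that evaluates sample connection attempts against the edge-router rule and the five server rules, and flags consumers whose SMTP attempts keep failing as candidates for isolation. The address plan, the sample flows and the failure threshold are constructed assumptions.

```python
"""Model of the article's SMTP isolation policy. Added example, not wiki code;
the address plan, flows and threshold below are constructed assumptions."""
from collections import Counter
from dataclasses import dataclass

CONSUMER_NET = "10.0."        # assumed customer address range
OUTBOUND = "203.0.113.25"     # ISP's outbound (submission) relay
INBOUND = {"203.0.113.110", "198.51.100.20"}  # own MX and a remote MX assumed to follow the same rules
SMTP, SUBMISSION = 25, 587

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    authenticated: bool = False   # SASL login succeeded on the relay

def is_consumer(ip):
    return ip.startswith(CONSUMER_NET)

def edge_policy(f, redirect):
    """Edge router: consumers reach port 25 only on the ISP's own outbound server;
    redirect=True rewrites 25 -> 587 instead of dropping (redirecting variant)."""
    if is_consumer(f.src) and f.dport == SMTP:
        if redirect:
            return "redirect", SUBMISSION
        if f.dst != OUTBOUND:
            return "block", SMTP
    return "allow", f.dport

def server_policy(f, port):
    """The five server rules: outbound takes 587 from authenticated senders and
    25/587 from customers; inbound takes 25 from the world and nothing on 587."""
    if f.dst == OUTBOUND:
        if port == SUBMISSION and (f.authenticated or is_consumer(f.src)):
            return "accept"
        return "accept" if port == SMTP and is_consumer(f.src) else "reject"
    if f.dst in INBOUND:
        return "accept" if port == SMTP else "reject"
    return "reject"

def evaluate(f, redirect=False):
    """Final fate of one connection attempt under the chosen edge policy."""
    verdict, port = edge_policy(f, redirect)
    return verdict if verdict == "block" else server_policy(f, port)

def suspected_bots(flows, redirect=False, threshold=3):
    """Consumers whose SMTP attempts keep failing are candidates for isolation."""
    failures = Counter(f.src for f in flows if is_consumer(f.src) and evaluate(f, redirect) != "accept")
    return {ip for ip, n in failures.items() if n >= threshold}
```

A real deployment expresses the edge rule in the router's filter or NAT table and the server rules in the MTA's listener configuration; the counter in suspected_bots corresponds to reviewing the router's drop log.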
Sender -----> Outgoing IMAP --> ISP IMAP Server --> Outbound SMTP Server --> Internet
Recipient <-- Incoming IMAP <-- ISP IMAP Server <-- Inbound SMTP Server <--- Internet
The idea is that you would use your incoming authenticated connection to transfer outgoing email
back to your POP/IMAP server, which would hand the message to the outgoing SMTP server for
regular SMTP delivery. The advantages of this system are obvious. Once incoming email is set up
there's no need for an outgoing configuration. It would eliminate the problem of port blocking of
outgoing email for mobile users, because it uses the same incoming connection. It would also show
that the outgoing message came from a person who has access to the email account they are
claiming to be. (This would be in conjunction with the IMAP/POP server forcing the sender address
to match the IMAP authentication, where the login ID is the email address.)
Such a system doesn't yet exist but we are very interested in seeing it developed.
ISP Responsibility
Our position is that anyone who provides an Internet-based service should take reasonable measures
to ensure that the consumers they connect to the Internet are reasonably protected from the Internet
and are not a hazard to the rest of the web. We think the ISP has some responsibility to keep its
users out of trouble and to keep them from causing trouble. Of course you can't eliminate all
problems entirely, but where the technology and policy exist to minimize the problem, a good ISP
should implement them.
Retrieved from
"http://wiki.ctyme.com/index.php/How_to_put_an_end_to_Virus_Infected_Spam_Bots"