I’m on a panel tomorrow at the General Meeting of the Messaging Anti-Abuse Working Group, the organization that keeps the Internet from being overrun by spam and malware:
The Messaging Anti-Abuse Working Group is a global organization focusing on preserving electronic messaging from online exploits and abuse with the goal of enhancing user trust and confidence, while ensuring the deliverability of legitimate messages. With a broad base of Internet Service Providers (ISPs) and network operators representing almost one billion mailboxes, key technology providers and senders, MAAWG works to address messaging abuse by focusing on technology, industry collaboration and public policy initiatives.
My panel is on Mail Filtering Transparency: The Impact of Network Neutrality on Combating Abuse:
Network Neutrality (NN) means different things to different people. In 2008, much of the debate was focused on protecting P2P applications from various network management practices. In 2009, the debate is likely to expand to explore the impact of NN concepts on other applications, particularly email. We have already seen the strong reaction by some parties at the IETF to attempts to standardize DNS xBLs, which some claimed were discriminatory and lacking in transparency. We have also heard of claims that when ISPs block certain domains and servers that this may be discriminatory and could run afoul of NN concepts. This panel will explore the question of what NN means to email anti-abuse, the increasing scrutiny that anti-abuse policies will be under, the motivations behind the drive for greater transparency regarding such policies, and how all of those things should be balanced against the need to enforce strong anti-abuse techniques.
Dave Crocker is on the panel, and I’m looking forward to meeting him, and I have it on good authority that Paul Vixie will be in attendance as well. The best thing about being an opinionated jerk like I am is the people you get to meet.
This organization is at the crossroads of “run any application you want” and “reasonable network management.” Spam prevention has always been a lightning rod because the very existence of spam highlights so many of the problems the current Internet architecture has. Its central assumption is that people will behave nicely all (or at least most) of the time, and the existence of botnets clearly calls that into question. It probably comes as no surprise that the filtering that spam reduction systems have to do makes net neuts nervous. Stupid networks may be nice in theory, but we live in a world of practice.
I keep saying that DPI is an essential part of the immune system for the Internet. It’s essential that ALL data, including headers and user content, is inspected for spam, spyware, viruses, and malware in general.
How is it possible that some consider scanning all user content for spam and malware signatures acceptable but scanning content for copyright signatures illegal? How is it that these same people consider scanning just the protocol headers for the purpose of network management wrong? It is a simple fact that they don’t make any sense.
The DNS Blacklists squelch 81% of spam at the source, which is certainly good for all of us.
What do you mean “at the source”? The zombie PC? The SMTP relay? I thought most blacklists are used at the destination SMTP server, which is far from the source.
One advantage of “router neutrality” or “packet neutrality” is that it allows SMTP servers to continue using their blacklists or whatever spam filtering they want.
My impression is that any SMTP relay can check a blacklist, but I could be wrong.
Richard is correct on his last note. Most RBLs are implemented in the SMTP server itself. Inbound mail, in one example, is checked against a given RBL when an SMTP connection is opened up. The mail server can then be configured to either drop/reject the mail, or to accept it and do additional processing (content filters for spam, virus, phishing, etc.), or do something else (like assign a trust / reputation score for use later in processing).
My SMTP servers use RBLs, as do those of most responsible ISPs. There are different kinds of RBLs, though. Some simply list hosts from which the server should not accept connections. Others let the server check URLs and domain names within messages after they have been received, to see if they belong to spammers or phishers. (This is sometimes called an RHSBL.) The thing that all RBLs have in common is that they use DNS as a database retrieval mechanism.
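The lookup mechanism described in the last two comments, as an added example that is not part of the original post or its comments. The zone names `dnsbl.example` and `rhsbl.example` are hypothetical and the zone data is constructed; the reversed-address query name and the answer in 127.0.0.0/8 follow the usual DNSBL convention (RFC 5782).

```python
import ipaddress
import socket

IP_ZONE = "dnsbl.example"    # hypothetical list of sending hosts
RHS_ZONE = "rhsbl.example"   # hypothetical list of domain names
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

# Constructed zone contents standing in for the list operator's DNS data.
SAMPLE_ZONE = {
    "99.2.0.192.dnsbl.example": "127.0.0.2",
    "spam-domain.example.rhsbl.example": "127.0.0.2",
}

def ip_query_name(ip, zone=IP_ZONE):
    """Reverse the address (octets for IPv4, nibbles for IPv6), append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def domain_query_name(domain, zone=RHS_ZONE):
    """Domain lists are keyed by the name itself, not reversed."""
    return domain.rstrip(".").lower() + "." + zone

def system_resolver(name):
    """Live A lookup. gethostbyname cannot tell 'no such name' from a failed
    lookup, so both come back as None and the caller fails open."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def lookup(name, resolve=system_resolver):
    """'listed' only for an answer in 127.0.0.0/8; any other answer (for
    example from a resolver that rewrites NXDOMAIN) is 'invalid'."""
    answer = resolve(name)
    if answer is None:
        return "not_listed"
    return "listed" if ipaddress.ip_address(answer) in LISTED_NET else "invalid"

def connection_policy(client_ip, resolve=system_resolver, reject_listed=True):
    """Decision at SMTP connect time: reject, or accept and score for later."""
    if lookup(ip_query_name(client_ip), resolve) == "listed":
        return "reject" if reject_listed else "accept_and_score"
    return "accept"

def domain_listed(domain, resolve=system_resolver):
    """Post-receipt check of a domain found in a message body or header."""
    return lookup(domain_query_name(domain), resolve) == "listed"
```

Passing `SAMPLE_ZONE.get` as `resolve` runs the checks offline against the constructed data; the default resolver performs a live DNS query.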