Kelly Martin over at SecurityFocus recently published an excellent column predicting the imminent collapse of e-mail. With reports that over 80% of all email traffic is spam, it is hard to argue that there is not a serious problem. Martin’s article combined with a recent experience with my ISP has got me thinking about another problem – the integrity of the internet as a whole.
In my opinion, spam and the attempted reactions to it are the largest threats that the internet faces today. In an effort to combat the exploding volumes of junk email, internet service providers have become increasingly intolerant of issues related to spam. Most subscribe to the services of one of the many black hole services. Essentially, these services maintain a database of IP addresses that have been found to either be sending junk mail or that have services running that could allow spam propagation. For example, there was a time when my web host briefly had an open mail relay on its network. In less than twelve hours, several of their mail servers were blacklisted. As a result, email from two of my domains started getting rejected literally all around the world. My host quickly resolved the problem and my normal services were restored within a day or two.
Just yesterday, I noticed that emails I sent to certain domains were being rejected. Apparently, the IP address on my cable modem has been blacklisted. Through some correspondence with a couple of the black hole organizations, I discovered that it was not me specifically, but the entire subnet. The entire subnet. 253 IP addresses. Thanks to what is apparently a few home computers somewhere having worms or spam-propagating spyware, an entire subnet has essentially been crippled on the internet.
I called Charter to ask them to get my IP de-listed. I was told that they no longer do that. Instead, I needed to take my cable modem to the local office and get a new one. That would guarantee I would receive a new IP address. Besides the frustrating fact that Charter apparently cannot issue me a new IP address (that makes no sense at all to me), I was shocked to discover that they won’t even try to get the address removed from the list any time soon. When I informed them that it was the entire subnet, the agent told me that they still would not make any effort to get the range de-listed. I really could not believe this. So, just out of curiosity, I called two other well-known ISPs, stating that I was working on a friend’s machine, that they were customers, that I didn’t have their account information, and that their IP had been blacklisted. Both of them told me that my “friend” would receive a new IP address. At least they could issue a new one without swapping out the cable modem, but still, they would make no immediate effort to resolve the issue of a blacklisted IP address.
Situations like this cannot continue. What do internet providers do? Do they maintain enough extra IP addresses so that they can literally dismiss whole subnets until they are eventually released from black hole databases? I can’t believe that is an acceptable course of action. Following that “logic,” innocent internet users will constantly be at risk of having their IP address wiped off much of the internet simply because they happen to be in the same range as a spammer or someone whose machine is sending spam unbeknownst to the owner.
In the long term, I completely agree with Kelly Martin’s recommendations for a secure email system that would “Encode, hash, encrypt, compress, sign” messages. In the meantime, I propose a different approach – one that is based on a principle in which I strongly believe – individual responsibility. We must look at spam as what it is – a disease of the internet. There is no better analogy. It is a self-propagating virus that is weakening and degrading the internet. We must stop the spread by isolating it wherever it exists. Yes, there are people intentionally running spam servers, etc. around the world, but much of the spam is generated by “innocent” machines that have been infected. The owners are completely unaware that their computers are being used to flood the internet with contaminated traffic.
There is no excuse for an internet-connected computer to not have active, updated antivirus installed and running at all times. None at all. Decent solutions can be obtained at minimal cost. There are even free options available. All machines should have antivirus – no excuses. Secondly, don’t open emails with attachments from people you do not know. Period. You did not win the lottery. You did not win a trip to the Bahamas. You are not the “lucky winner,” but you will become the next spam-generating platform. Congratulations. Additionally, if someone has a high-speed internet connection, I would also recommend a decent NAT router. They are cheap and provide exceptional protection from inbound attacks. If not, at least get a decent software firewall. These are protections that every internet-connected computer should have. It is your responsibility as an inhabitant of the internet to have adequate protection for yourself and also to protect others from the ramifications of your unprotected machine being online.
If a residential, broadband internet user is found to be a gateway for spam or viruses, their ISP should immediately disconnect them. Immediately – without question. Then, the ISP could contact the individual and notify them that their machine was discovered spreading spam and/or viruses on the internet and that they need to clean their machine and submit a request to have their access enabled once they have done so. The ISP would then reinstate their service, but closely monitor their traffic for a while to ensure they are no longer causing any issues. ISPs could maintain a list of names that is shared among them. If someone tried to jump ship to another provider, the new provider would see that they have had issues and would make them prove their networthiness before giving them service. Instead of blacklisting IP addresses, blacklist people. Just like we quarantine sick people in the real world, we should quarantine them from the internet.
Blacklisting IP addresses seems completely counterproductive to me. For instance, my “bad” IP address will either be unavailable for use for some time or given to someone else when I am issued a new one. Neither of those is a good option in my mind. In essence, the current model treats the IP as the problem instead of the person sitting behind it. Make individuals responsible for their own computer on the internet. If someone does not have the knowledge or ability to install software to remove the viruses and worms from their system, then they can pay someone to do it for them. We all have to pay for new tires and oil changes for our automobiles, so a little money spent on computer maintenance and health is not too much to ask. Of course, there are full-time spammers intentionally spreading their junk online, but much of their ability comes from hijacked, infected personal computers sitting behind cable, DSL and even dial-up connections. If we started making individuals responsible for keeping their machines sterile, the internet would become a much cleaner, friendlier place.