The future of SMTP ?

Frank Bonnet
Hello

Sorry if this seems a bit off topic ...

Postfix is really a great piece of software
and we all thank Wietse for his tremendous work.

But to fight spam and all other malicious
problems it's getting more and more sophisticated
and complex to configure every day.
It is not a criticism, it is a fact that jumps
to every sysadmin's face.

Email communication requires more and more complicated
machinery every day too.

Does anyone know about the future of SMTP ?
Is there some project to replace it by some
more secure protocol ?

Understand me well, writing this I do not want
to start some war I would like to know if there
is some long term reflexion "somewhere" to build
some other protocol.

I know this would be a huge project ...

Thanks for your attention

Re: The future of SMTP ?

Daniel Bromberg
On 3/13/2011 4:57 AM, Frank Bonnet wrote:

> Hello
>
> Sorry if this seems a bit off topic ...
>
> Postfix is really a great piece of software
> and we all thank Wietse for his tremendous work.
>
> But to fight spam and all other malicious
> problems it's getting more and more sophisticated
> and complex to configure every day.
> It is not a criticism, it is a fact that jumps
> to every sysadmin's face.
>
> Email communication requires more and more complicated
> machinery every day too.
>
> Does anyone know about the future of SMTP ?
> Is there some project to replace it by some
> more secure protocol ?
>
> Understand me well, writing this I do not want
> to start some war I would like to know if there
> is some long term reflexion "somewhere" to build
> some other protocol.
>
> I know this would be a huge project ...
>
> Thanks for your attention

It is very off-topic :-)

Admittedly the result of a quick Google search, the article below is a
fairly cogent summary of some major issues, especially why a
'replacement for SMTP' is probably the wrong question, or at least a
hopeless oversimplification.  It's kind of like asking why don't we make
AA batteries one cm longer to store more energy. Not a technology issue
per se, but an installed base of 100,000,000,... (insert zeroes as needed)

http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_10-2/102_smtp.html

How about one more thoughtful post at most and then a threadkill.

-DB


Re: The future of SMTP ?

Jacqui Caren-home
> On 3/13/2011 4:57 AM, Frank Bonnet wrote:
> How about one more thoughtful post at most and then a threadkill.

Join the spammers.dontlike.us list - it's a good place to bring this sort of general question up.
Join the ongoing marf standards list - it will affect us all!

Finally - there is no magic bullet as there are so many different types of ISP/MSP/business
out there with differing needs. An extreme example is a US midwest ISP that only accepts email
from within the US IP ranges - he blocks the rest of the world and his customers are happy.
He prosecutes US spammers and does not have to deal with non US spam.
The customers use gmail/hotmail/yahoo/et al. for "outsider" email :-)

Jacqui

Re: The future of SMTP ?

mouss-4
In reply to this post by Frank Bonnet
On 13/03/2011 09:57, Frank Bonnet wrote:

> Hello
>
> Sorry if this seems a bit off topic ...
>
> Postfix is really a great piece of software
> and we all thank Wietse for his tremendous work.
>
> But to fight spam and all other malicious
> problems it's getting more and more sophisticated
> and complex to configure every day.
>
> It is not a criticism, it is a fact that jumps
> to every sysadmin's face.
>
> Email communication requires more and more complicated
> machinery every day too.
>
> Does anyone know about the future of SMTP ?
> Is there some project to replace it by some
> more secure protocol ?
>
> Understand me well, writing this I do not want
> to start some war I would like to know if there
> is some long term reflexion "somewhere" to build
> some other protocol.
>
> I know this would be a huge project ...
>


Consider this:

- we get a lot of spam from systems that are owned (zombies, infected
servers, ..). to prevent this, we need to secure all systems. is this
feasible? not by reinventing smtp.

- other spam comes from machines at hosters which also host "legitimate"
customers. can we stop this? not by reinventing smtp.

- spammers buy a lot of domains and use them in spam URLs. can we stop
this? not by reinventing smtp.

... etc.


I am not saying we should do nothing. I'm simply saying it's much more
than an smtp design issue.



Re: The future of SMTP ?

Steve-352
In reply to this post by Frank Bonnet

-------- Original Message --------
> Date: Sun, 13 Mar 2011 09:57:20 +0100
> From: Frank Bonnet <[hidden email]>
> To: [hidden email]
> Subject: The future of SMTP ?

> Hello
>
> Sorry if this seems a bit off topic ...
>
> Postfix is really a great piece of software
> and we all thank Wietse for his tremendous work.
>
> But to fight spam and all other malicious
> problems it's getting more and more sophisticated
> and complex to configure every day.
> It is not a criticism, it is a fact that jumps
> to every sysadmin's face.
>
> Email communication requires more and more complicated
> machinery every day too.
>
> Does anyone know about the future of SMTP ?
> Is there some project to replace it by some
> more secure protocol ?
>
> Understand me well, writing this I do not want
> to start some war I would like to know if there
> is some long term reflexion "somewhere" to build
> some other protocol.
>
> I know this would be a huge project ...
>
> Thanks for your attention


The spamming problem is not something that you can fix by replacing SMTP with something new. If you would configure your SMTPD to only accept strict standard SMTP stuff then you will see that this alone would remove much of the spam you get (just take for example the HELO/EHLO part. If you would strictly enforce what is described in the RFC then a lot of spammers (and legitimate senders) would be blocked. Not that I find this okay but just to illustrate that the protocol SMTP is not the problem). And today it is not a big deal to cut down spam to less than 1% of the inbound. I really don't understand why people keep telling that spam is a problem? It is only a problem if you have not properly configured your SMTPD. Today it is so easy to cut down spam and most solutions don't require huge machinery at all.
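Added example (not part of the thread and not Postfix's code): a strict check of the HELO/EHLO argument against the RFC 5321 syntax that the post above refers to, run over constructed greetings. The function names and sample lines are assumptions made for illustration; Postfix's own checks of this kind are the `reject_invalid_helo_hostname` and `reject_non_fqdn_helo_hostname` restrictions.

```python
import ipaddress
import re

# One label of a Domain per RFC 5321 section 4.1.2: letters and digits,
# with hyphens allowed only in the middle of the label.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")

# Constructed greetings for illustration, not taken from any real log.
SAMPLE_GREETINGS = [
    "EHLO mail.example.org",
    "HELO [192.0.2.25]",
    "EHLO [IPv6:2001:db8::25]",
    "HELO 192.0.2.77",
    "HELO localhost",
    "EHLO user_pc.example.net",
    "HELO",
    "EHLO -bad-.example.com",
]


def classify_helo(arg):
    """Return (verdict, reason) for the argument of a HELO/EHLO command."""
    if not arg:
        return ("reject", "missing argument")

    # Address literal: "[" IPv4 "]" or "[IPv6:" IPv6 "]".
    # Other tagged literal forms are treated as malformed here.
    if arg.startswith("[") and arg.endswith("]"):
        literal = arg[1:-1]
        try:
            if literal.lower().startswith("ipv6:"):
                ipaddress.IPv6Address(literal[5:])
            else:
                ipaddress.IPv4Address(literal)
        except ValueError:
            return ("reject", "malformed address literal")
        return ("accept", "address literal")

    # A bare IP address is neither a Domain nor an address literal.
    try:
        ipaddress.ip_address(arg)
        return ("reject", "bare IP address without brackets")
    except ValueError:
        pass

    # Syntax first (this also rejects a trailing dot or empty label),
    # then the fully-qualified requirement.
    labels = arg.split(".")
    if len(arg) > 255 or any(
        len(label) > 63 or not _LABEL.fullmatch(label) for label in labels
    ):
        return ("reject", "invalid hostname syntax")
    if len(labels) < 2:
        return ("reject", "not fully qualified")
    return ("accept", "domain name")


def audit(lines):
    """Classify every HELO/EHLO line; returns (argument, verdict, reason)."""
    results = []
    for line in lines:
        parts = line.strip().split(None, 1)
        if not parts or parts[0].upper() not in ("HELO", "EHLO"):
            continue
        arg = parts[1].strip() if len(parts) > 1 else ""
        results.append((arg, *classify_helo(arg)))
    return results


if __name__ == "__main__":
    for arg, verdict, reason in audit(SAMPLE_GREETINGS):
        print(f"{verdict:6}  {arg or '(none)':28}  {reason}")
```

The rejected `localhost` and `user_pc.example.net` cases are the kind of greeting a misconfigured but legitimate server can send, which is the collateral the post mentions.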

Re: The future of SMTP ?

Reindl Harald-2


On 13.03.2011 12:38, Steve wrote:
> And today it is not a big deal to cut down spam to less than 1% of the inbound.

but not only with postfix and without taking money in the hand
do not tell us only with strict smtp you get 99% spam away

> I really don't understand why people keep telling that spam is a problem?

because there are people out there whose time costs money?



Re: The future of SMTP ?

Steve-352

-------- Original Message --------
> Date: Sun, 13 Mar 2011 12:42:55 +0100
> From: Reindl Harald <[hidden email]>
> To: [hidden email]
> Subject: Re: The future of SMTP ?

>
>
> On 13.03.2011 12:38, Steve wrote:
> > And today it is not a big deal to cut down spam to less than 1% of the
> inbound.
>
> but not only with postfix
>
No. Not only with postfix alone. But most of us are not only using postfix in their messaging infrastructure.


> and without taking money in the hand
>
Money for what? Nothing is free. The hardware on which postfix runs costs money, the connectivity costs money, work time costs money, etc... But you can get a decent low inbound spam rate without paying one single cent for the anti-spam/anti-virus solution and without spending much time in implementing it.


> do not tell us only with strict smtp you get 99% spam away
>
I don't know that. I just wrote that if you would enforce strict SMTP then you would already lower the spam inbound. I have never tried to use 100% strict SMTP. I can't do that. I am an ISP/ESP and following strictly the SMTP standard is not an option for me. I could do that but then I would lose many of my customers.


> > I really don't understand why people keep telling that spam is a
> problem?
>
> because there are people out there whose time costs money?
>
My time costs money too. As I wrote above: Nothing is free.

Re: The future of SMTP ?

dennisthetiger
In reply to this post by Frank Bonnet
On Sun, 13 Mar 2011, Frank Bonnet wrote:

> But to fight spam and all other malicious
> problems it's getting more and more sophisticated
> and complex to configure every day.
> It is not a criticism, it is a fact that jumps
> to every sysadmin's face.

> Does anyone know about the future of SMTP ?
> Is there some project to replace it by some
> more secure protocol ?

I, too, would have to say "no" to this one.

SMTP is used largely because it has worked since the standard was
implemented with RFC 822 back nearly 30 years ago and it still works, for
all intents, and in fact does exactly what it says on the tin.  So it's
not SMTP that's broken, it's pretty much a) the end users who allow their
machines to be zombied as a result of not exercising proper security
practices, and b) the scumbags who actually generate the crap.

The best we can really do is implement the spam blocks for receiving,
unfortunately, and continue the usual practices: SPF implementations, the
varying blacklists, etc.

-Dennis



Re: The future of SMTP ?

dennisthetiger
In reply to this post by Reindl Harald-2
On Sun, 13 Mar 2011, Reindl Harald wrote:

>
>
> On 13.03.2011 12:38, Steve wrote:

>> I really don't understand why people keep telling that spam is a problem?
>
> because there are people out there whose time costs money?

This part of the problem I suspect is marginal.  It's not the cost, it's
who's making the money.

Consider that part of my background involves being the mailroom guy in an
outfit that routinely sent out bulk snail mail here in the US. As annoying
as "junk mail" is, it's documentably easier to target than email and
somebody is actually putting time, money, and effort into this stuff - you
have to buy the advertisement materials and the address list, somebody is
getting paid to collate and prepare everything, and somebody is hauling it
down to the post office - who takes their payment in the form of postage.
Busted my ass for that, I did, and it was decent money - when the company
owner was not there to tell me how to do my job. =)

A spammer?  It's just a list of email addresses.  Push a button and sure,
the spam is targeted - to a bunch of email addresses.  Doesn't work so hot
- my girlfriend gets ads for Viagra and penis enlargement, and I get ads
for having my "organ" enlarged.  Why would I want an enlarged heart or
liver ?  Meanwhile, for ten minutes of work max, these assholes need only
press a button and go get a cup of coffee, and they just made a mint.

So the problem is not with SMTP, it's with the spammers.  Only thing we
can do is block them.  I really, REALLY wish there was more we could do
so we can stop them - but the only thing we can do to stop them is to
make it cost more than it's worth, and the only way I can admittedly come
up with would be pretty unethical.

-Dennis



Re: The future of SMTP ?

Lorens Kockum-2
In reply to this post by Steve-352
On Sun, Mar 13, 2011 at 12:38:24PM +0100, Steve wrote:
> The spamming problem is not something that you can fix by
> replacing SMTP with something new.

An appropriate illustration is the initiative taken recently by
Germany's government to create a secure e-mail environment. It
does not replace SMTP. It mandates encryption, digital
signatures with government-issued certificates, isolation from
the current SMTP network, certified providers, and (optional?)
per-message fees.

http://www.itworld.com/software/139104/germany-identifies-secure-way-deal-spam


Re: The future of SMTP ?

Steve-352

-------- Original Message --------
> Date: Sun, 13 Mar 2011 15:58:50 +0100
> From: Lorens Kockum <[hidden email]>
> To: [hidden email]
> Subject: Re: The future of SMTP ?

> On Sun, Mar 13, 2011 at 12:38:24PM +0100, Steve wrote:
> > The spamming problem is not something that you can fix by
> > replacing SMTP with something new.
>
> An appropriate illustration is the initiative taken recently by
> Germany's government to create a secure e-mail environment. It
> does not replace SMTP. It mandates encryption, digital
> signatures with government-issued certificates, isolation from
> the current SMTP network, certified providers, and (optional?)
> per-message fees.
>
> http://www.itworld.com/software/139104/germany-identifies-secure-way-deal-spam
>
De-Mail will probably cut down Spam but that is only a side effect. The main purpose of De-Mail is not about Spam. The reasons for De-Mail are others. Anyway... I am not German but I personally am not trusting De-Mail. Why should I trust a system in which the ISP is able to decrypt my message? For me encryption needs to be end to end.

Re: The future of SMTP ?

lst_hoe02
In reply to this post by Frank Bonnet
Quoting Frank Bonnet <[hidden email]>:

> Hello
>
> Sorry if this seems a bit off topic ...
>
> Postfix is really a great piece of software
> and we all thank Wietse for his tremendous work.
>
> But to fight spam and all other malicious
> problems it's getting more and more sophisticated
> and complex to configure every day.
> It is not a criticism, it is a fact that jumps
> to every sysadmin's face.
>
> Email communication requires more and more complicated
> machinery every day too.
>
> Does anyone know about the future of SMTP ?
> Is there some project to replace it by some
> more secure protocol ?
>
> Understand me well, writing this I do not want
> to start some war I would like to know if there
> is some long term reflexion "somewhere" to build
> some other protocol.
>
> I know this would be a huge project ...
>
This is not a problem of SMTP but from the idea to design a system  
where everyone is able to send a message to some other participant if  
the "address" is known. So you don't have to reinvent SMTP but to  
ditch the idea of free electronic communication.
One may even argue that it is already partly the case because of  
ongoing blocking of IP space because of country/DUL/ISP reasons but  
that is not a technology (SMTP) thing but policy of the receiver.

Regards

Andreas




Re: The future of SMTP ?

Erwan David
In reply to this post by Steve-352
On Sun 13/03/2011, Steve said

>
> >
> >
> > On 13.03.2011 12:38, Steve wrote:
> > > And today it is not a big deal to cut down spam to less than 1% of the
> > inbound.
> >
> > but not only with postfix
> >
> No. Not only with postfix alone. But most of us are not only using postfix in their messaging infrastructure.

And without too much collateral damage ? I can stop all spam. But how many legitimate emails will I block at the same time ?

Yes I can stop all spam, by cutting off all email. 100% efficiency, but also 100% collateral damage...

--
Erwan

Re: The future of SMTP ?

Marc Weber
In reply to this post by Frank Bonnet
What's causing spam?

Reasons for spam:
- people want traffic on their sites (because they hope to make more
  business) - or they want to distribute malware.

Whom to spam:
- spammers try to find contact identifiers to send messages to.
  They do this  by:
  - random combinations of words
  - harvesting the internet

Now they know email addresses or random addresses to send messages to
people.  Why can they do this? Because sending email to everyone is
possible easily.

Some more questions are: Why aren't computers sending spam shut down
earlier? I'm no expert here. Maybe it is easy to hack PCs, maybe some
admins don't care - maybe it's just the delay it takes from seeing the
first spam till shutting down.

So that email is open to everyone - the fact that everybody can send
stuff to anybody else and that your contact id (user@host) can be
guessed are reasons that spam exists.

Did you note something? I didn't even write once about SMTP.
Because all those facts are not related to SMTP.

Google tried "google waves" and thought it could replace emails.
Probably they were wrong. Emails just work very well ..

So if I were you I'd try getting either a good spam filter or users to
- never publish their address
- use a random char email address such as oun234eq4qj423e@host
Then spam will be reduced .. :) (Unless spammers catch up)

Given what I wrote rethink about why it should be the SMTP protocol
causing spammers to appear.

I'm not an expert on this area. So if any statement looks too wrong
correct me, please.

Marc Weber

Re: The future of SMTP ?

Glen B-2
In reply to this post by Frank Bonnet
On 3/13/2011 4:57 AM, Frank Bonnet wrote:
> Hello
>
> Sorry if this seems a bit off topic ...
>
> Postfix is really a great piece of software
> and we all thank Wietse for his tremendous work.
>

    Yes it is and it gets better every release.

> But to fight spam and all other malicious
> problems it's getting more and more sophisticated
> and complex to configure every day.
> It is not a criticism, it is a fact that jumps
> to every sysadmin's face.

  Some of the major problems are the sysadmins themselves.
  There are too many incompetent and/or uneducated SMTP
  server administrators running software they do not
  understand. Many also do not understand the protocol
  so that just adds to the problem base. Take your pick
  from all of the packaged server software choices and I
  will bet that every one of them has an "Internet Mail"
  option that is far from spam-safe.

GlenB (pickcoder)

Re: The future of SMTP ?

Wietse Venema
In reply to this post by lst_hoe02
[hidden email]:
> This is not a problem of SMTP but from the idea to design a system  
> where everyone is able to send a message to some other participant if  
> the "address" is known. So you don't have to reinvent SMTP but to  
> ditch the idea of free electronic communication.

+1.

Now, let's end this thread.

        Wietse

Re: The future of SMTP ?

Steve-352
In reply to this post by Erwan David

-------- Original Message --------
> Date: Sun, 13 Mar 2011 16:56:31 +0100
> From: Erwan David <[hidden email]>
> To: [hidden email]
> Subject: Re: The future of SMTP ?

> On Sun 13/03/2011, Steve said
> >
> > >
> > >
> > > On 13.03.2011 12:38, Steve wrote:
> > > > And today it is not a big deal to cut down spam to less than 1% of the
> > > inbound.
> > >
> > > but not only with postfix
> > >
> > No. Not only with postfix alone. But most of us are not only using
> postfix in their messaging infrastructure.
>
> And without too much collateral damage?
>
Yes.


> I can stop all spam. But how
> many legitimate emails will I block at the same time ?
>
Depends on your implementation.


> Yes I can stop all spam, by cutting off all email. 100% efficiency, but
> also 100% collateral damage...
>
If this is what you want... then just do it.


> --
> Erwan


Re: The future of SMTP ?

mouss-4
In reply to this post by Erwan David
On 13/03/2011 16:56, Erwan David wrote:

> On Sun 13/03/2011, Steve said
>>
>>>
>>>
>>> On 13.03.2011 12:38, Steve wrote:
>>>> And today it is not a big deal to cut down spam to less than 1% of the
>>> inbound.
>>>
>>> but not only with postfix
>>>
>> No. Not only with postfix alone. But most of us are not only using postfix in their messaging infrastructure.
>
> And without too much collateral damage ? I can stop all spam. But how many legitimate emails will I block at the same time ?

what are you trying to say?

>
> Yes I can stop all spam, by cutting off all email. 100% efficiency, but also 100% collateral damage...
>

come on. we do block most spam without much FPs. sure, we do block mail
from residential IPs, from hosts which behave as ratenets, ... but we
don't consider that to be FPs.

Re: The future of SMTP ?

mouss-4
In reply to this post by lst_hoe02
On 13/03/2011 16:52, [hidden email] wrote:

> Quoting Frank Bonnet <[hidden email]>:
>
>> Hello
>>
>> Sorry if this seems a bit off topic ...
>>
>> Postfix is really a great piece of software
>> and we all thank Wietse for his tremendous work.
>>
>> But to fight spam and all other malicious
>> problems it's getting more and more sophisticated
>> and complex to configure every day.
>> It is not a criticism, it is a fact that jumps
>> to every sysadmin's face.
>>
>> Email communication requires more and more complicated
>> machinery every day too.
>>
>> Does anyone know about the future of SMTP ?
>> Is there some project to replace it by some
>> more secure protocol ?
>>
>> Understand me well, writing this I do not want
>> to start some war I would like to know if there
>> is some long term reflexion "somewhere" to build
>> some other protocol.
>>
>> I know this would be a huge project ...
>>
>
> This is not a problem of SMTP but from the idea to design a system where
> everyone is able to send a message to some other participant if the
> "address" is known. So you don't have to reinvent SMTP but to ditch the
> idea of free electronic communication.

yep. and one thing here: the debian lists are still open. and I like it.
there is some spam, but not that much. I appreciate the position: spam
won't force us to abandon our principles of open communication. kudos to
debian lists.

> One may even argue that it is already partly the case because of ongoing
> blocking of IP space because of country/DUL/ISP reasons but that is not
> a technology (SMTP) thing but policy of the receiver.
>


yep again.

Re: The future of SMTP ?

Curtis Maurand
In reply to this post by dennisthetiger

I would argue that it's partially Microsoft's fault for allowing scripts in email or from web pages to have access to anything on your machine outside of the message viewer or the browser.  ActiveX is not your friend in these cases.

--Curtis

Dennis Carr wrote:

> On Sun, 13 Mar 2011, Frank Bonnet wrote:
>
>> But to fight spam and all other malicious
>> problems it's getting more and more sophisticated
>> and complex to configure every day.
>> It is not a criticism, it is a fact that jumps
>> to every sysadmin's face.
>
>> Does anyone know about the future of SMTP ?
>> Is there some project to replace it by some
>> more secure protocol ?
>
> I, too, would have to say "no" to this one.
>
> SMTP is used largely because it has worked since the standard was
> implemented with RFC 822 back nearly 30 years ago and it still works, for
> all intents, and in fact does exactly what it says on the tin. So it's
> not SMTP that's broken, it's pretty much a) the end users who allow their
> machines to be zombied as a result of not exercising proper security
> practices, and b) the scumbags who actually generate the crap.
>
> The best we can really do is implement the spam blocks for receiving,
> unfortunately, and continue the usual practices: SPF implementations, the
> varying blacklists, etc.
>
> -Dennis
>
>
>