Re: [anti-spam-wg@localhost] Solution to Spam
- Date: Fri, 27 Jun 2003 17:23:08 +0000
My responses are in the body of the message below:
On Fri, Jun 27, 2003 at 02:35:52PM +0000, Mark McCarron wrote:
> Well, that's very strange. Everyone has suddenly gone VERY quiet. No
one
> found any holes in the 'GIEIS' system?
Sorry to be harsh, but the system is crap and this will be my only email
on this topic as discussing this system is a waste of time.
We are one of the larger ISPs in Germany (in business since 1993) and
our main orientation is towards business customers. Our mailservers
process about 400000 to 600000 emails a day. Just for the background.
We host e.g. a mail gateway for Inmarsat which is the system that
delivers email to ships around the world via satellite. The
communication with other Inmarsat gates has sometimes 20000 messages
a day and more per gate.
Mark's response:
Now your making me laugh. Legitimate business will be uneffect by the
system as they will have special access. You quite clearly have issues with
reading comprehension, which makes me doubt you work for any ISP.
*> 4. The 'EAS' blocks further access for 10 seconds
I'd like to see how we should provide further reliable mail service to
the ships. 20000 * 10 = 200000 seconds = approx. 2.5 days. Thast means
we will produce a backlog of 1.5 days each day.
Mark's response:
Please refer to my last response, this is nonsense.
*> 11. The 'EAS' awaits confirmation requests from 'GIEIS'. After
*> confirmation the unique ID is removed from the database.
*> [ ... ]
*> 2. The emails are held in tempory storage and the encrypted header
*> sent to 'GIEIS
Now that is kewl. Single point of failure. A DDoS and the Internet's
mailsystem is down. Oh I forgot it will run on Windows, we don't need a
DoS of any kind at all to bring the Internet's mailsystem down.
Mark's response:
Who said anything about using Windows for the servers??? Your just making
that up!!! Also, any half decent security system can eliminate a 'Denial of
Service' attack.
*> Close monitoring will be kept on all mailing lists at all times.
*ROTFL* You don't have any idea on the number of mailing lists out
there, do you? Exactly WHO will monitor them and WHO will decide?
I promise you that with each removal of the grant code you will have
a bunch of lawyers hunting down your butt.
Mark's response:
Lawyers can breathe all they like. The 'Terms of Service' agreement will be
quite clear. The 'GIEIS' system will require a dedicated staff of possibly
up to 500 people. Combine this with user reports and filters that parse
messages looking for suspicious subjects/text and its going to be pretty
secure. If we would be saving the industry almost $12 Billion a year, then
there would be ample budget from that to run an EXTREMELY large dedicated
centre.
> Yesterday, in excess of 500 ISPs were contacted and informed about the
> system. The response has been unbelievable to say the least with 90%
> reporting immediatly that they would adopt such a system.
Sorry, but I am sure this is a lie and I will stick to that until proved
otherwise.
Mark's response:
What? Is it so difficult to email 500 companies??? Really!
> The paper is now being turned into an RFC, to be released VERY soon.
Go and learn about the processes involved to create a RFC.
Mark's response:
I should know the procedure very well by now, since I been involved in the
production of a quite a number of RFCs. If you want to know more about
Internet drafts and RFCs then follow this link:
http://www.ietf.org/rfc/rfc2026.txt
"The security, stability and reliability of a computer system is
reciprocally
proportional to the amount of vacuity between the ears of the admin"
Mark's response:
Maybe you should have yourself tested sometime.
Mark McCarron.
_________________________________________________________________
It's fast, it's easy and it's free. Get MSN Messenger today!
http://www.msn.co.uk/messenger