#31
In article , --exray-- wrote:
> Chuck Harris wrote:
>> Michael A. Terrell wrote:
>>> They should scan every received e-mail for virus or worms, and a

>> That fails when the virus/worm/trojan is modified even slightly. Ask Norton, or McAfee why they have to update their virus scanners almost daily.

>>> valid FROM address.

>> How are you going to determine the from address is valid? email the person at the address and ask them? What if the from address belongs to someone other than the actual sender?

>>> Infected e-mail should be deleted, and a message sent to the sender that it was infected.

>> If you can determine who the sender really is. Sending email messages to the forged email addresses that exist in the sender field of the bad email just results in more needless email traffic. The current email protocol provides no reliable way of validating the sender's email address. It has needed upgrading for about 15 years now.

>>> Earthlink delivers E-mail with no FROM: information in the header. If an ISP can't do this much, they need to go out of business.

>> Since no ISP can do what you are asking, I'd rather keep the current "flawed" ISPs around for now, thank you.
>> Chuck, WA3UQV

> I'm not sure of the mechanics of how it is actually done but there are subscription services that ISPs can use to keep their mail services clean and updated if they choose not to do it themselves.

I _do_ know how they work. Those services *still* let stuff leak through, when 'something new' shows up. "Somebody" has to do an analysis, determine that it _is_ a virus/worm, and develop a 'signature' for it, that pattern-matching routines can use to identify subsequent instances. The subscription services rely on *outside* specialists -- like Norton, or McAfee -- to do that analysis, and supply the 'signatures'. Their primary strength is 'spam' filtering, which they accomplish by noting when the 'same' message starts showing up 'lots of places'. *BUT* the 'early bird' instances *do* get through, before things hit the 'lots of places' threshold.

And, there is a real risk of legitimate traffic being mis-identified as spam.

> Another "I'm not sure how it works" is with Mailwasher Pro...it will not bounce to invalid yahoo addresses. Apparently some 'trial' ping is at work, maybe in conjunction with Yahoo???.

Nope. Some _forms_ of names are not legal/valid at yahoo. Knowing what the rules are for 'allowed' names, one can suppress those which are 'disallowed'.

> Point being that these things can be accomplished although we are at an early stage of seeing it actually happen.

Without a _complete_ redesign/replacement of the basic mail-transport protocol, it is simply _not_possible_ to check for a valid 'From' address at the point of receipt. *NOR* to tell authoritatively where it _actually_ came from.
#32
In article ,
Michael A. Terrell wrote:
> Chuck Harris wrote:
>> Michael A. Terrell wrote:
>>> They should scan every received e-mail for virus or worms, and a

>> That fails when the virus/worm/trojan is modified even slightly. Ask Norton, or McAfee why they have to update their virus scanners almost daily.

> In this case, they don't need to search for a valid file name. All they need to do is search for a segment of the worm that doesn't change. Someone is doing it, I am getting messages that I was sent an E-mail with the worm, and it was removed. I find it interesting that most of these are from other countries, including a Russian ISP.

Which works *ONLY*AFTER* "somebody" has analyzed the virus/worm, and determined a 'signature' for it. And *maybe* gotten one that did _not_ change between variants.

>>> valid FROM address.

>> How are you going to determine the from address is valid? email the person at the address and ask them? What if the from address belongs to someone other than the actual sender?

> I am talking about e-mail with a blank FROM: No sender is listed, no domain, no IP address. Any e-mail missing any of these should be bounced at the server.

WRONG. Such mails are *required* to be accepted, according to long-standing standards. Historical reason: those messages were, traditionally, 'bounce' messages from remote servers, that were unable to deliver a message you sent. The 'null sender' was *deliberate* design, to prevent 'bounce of a bounce' messages, 'bounce of a bounce of a bounce', etc.

>>> Infected e-mail should be deleted, and a message sent to the sender that it was infected.

>> If you can determine who the sender really is. Sending email messages to the forged email addresses that exist in the sender field of the bad email just results in more needless email traffic. The current email protocol provides no reliable way of validating the sender's email address. It has needed upgrading for about 15 years now.

> They need to standardize what is required in e-mail headers. Refuse any e-mail with an incomplete header, or with a faked domain name. If they can maintain a black hole list for renegade ISPs, they can maintain a database of valid E-mail domains.

Not since last week, when the registry operator for the .com and .net domains installed 'wildcard' records that match a query for *any* *NONEXISTENT* domain.

>>> Earthlink delivers E-mail with no FROM: information in the header. If an ISP can't do this much, they need to go out of business.

>> Since no ISP can do what you are asking, I'd rather keep the current "flawed" ISPs around for now, thank you.
>> Chuck, WA3UQV

> I would rather they look into, and solve the problems. They need to learn how to do their jobs. They are supposed to be selling service, not excuses.

Some things _cannot_ be done, without *completely* replacing the infrastructure. When this involves _millions_ of machines, that are *not* under any 'centralized' control, accomplishing such infrastructure 'replacement' is a matter of many _years_. And, until such time as *everybody* uses the new system, all the systems that _have_ upgrades must *still* be able to communicate using the -old- system, in order to send to, or receive from systems that have _not_ upgraded. And, since the 'bad guys' will *not* convert to the new system, whereby they could be immediately identified, there is essentially *zero*benefit* to using the 'new' system -- until that point, *many* years down the road, when the 'old style' methodology can be turned off.

How do you convince folks to adopt 'new and different' technology, *NOW*, that won't show appreciable benefits till, say, ten years down the road?

You "don't know what you don't know" about how email is actually handled.
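The null-sender rule described in the post above, as an added example that is not part of the thread: a constructed two-server model showing why bounces carry an empty envelope sender and what is lost when a server refuses them. The names `ToyMTA`, `a.example` and `b.example` are hypothetical, and the model assumes the `mailer-daemon` addresses are not deliverable mailboxes.

```python
from collections import deque

NULL_SENDER = ""  # the empty envelope sender, written "MAIL FROM:<>" in SMTP


class ToyMTA:
    """Constructed model of one mail server; not real MTA code."""

    def __init__(self, domain, mailboxes, null_bounces=True, reject_null=False):
        self.domain = domain
        self.mailboxes = set(mailboxes)
        self.null_bounces = null_bounces  # send bounces with the null sender
        self.reject_null = reject_null    # "refuse mail with no sender" policy

    def receive(self, env_from, rcpt):
        """Return (status, bounce); bounce is an (env_from, rcpt) pair or None."""
        if env_from == NULL_SENDER and self.reject_null:
            return "rejected", None
        if rcpt.split("@", 1)[0] in self.mailboxes:
            return "delivered", None
        if env_from == NULL_SENDER:
            return "dropped", None  # an undeliverable bounce is never bounced
        sender = NULL_SENDER if self.null_bounces else "mailer-daemon@" + self.domain
        return "bounced", (sender, env_from)


def simulate(mtas, message, max_hops=10):
    """Route one message and any bounces it causes; return the status trace."""
    queue, trace = deque([message]), []
    while queue and len(trace) < max_hops:
        env_from, rcpt = queue.popleft()
        status, bounce = mtas[rcpt.split("@", 1)[1]].receive(env_from, rcpt)
        trace.append(status)
        if bounce:
            queue.append(bounce)
    return trace


def build(null_bounces=True, reject_null=False):
    """Two constructed domains, each with a single real mailbox."""
    return {
        "a.example": ToyMTA("a.example", {"alice"}, null_bounces, reject_null),
        "b.example": ToyMTA("b.example", {"bob"}, null_bounces, reject_null),
    }


# Constructed messages as (envelope sender, recipient).
FORGED = ("ghost@a.example", "nobody@b.example")  # worm mail, forged sender
TYPO = ("alice@a.example", "bbo@b.example")       # real user, mistyped address

if __name__ == "__main__":
    print("null-sender bounces, forged mail:", simulate(build(), FORGED))
    print("named-sender bounces, forged mail:", simulate(build(null_bounces=False), FORGED))
    print("null sender accepted, typo:", simulate(build(), TYPO))
    print("null sender refused, typo:", simulate(build(reject_null=True), TYPO))
```

With named bounce senders the forged message keeps bouncing until the hop limit stops it; with null senders refused, the real user's delivery failure notice never arrives.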
#34
Robert Bonomi wrote:
> You "don't know what you don't know" about how email is actually handled.

I do know that the entire e-mail system is a kludge of outdated bits and pieces of very simple software that were thrown in place with the belief that no one would ever abuse their crappy system. Guess what! They were morons, and the system is a piece of crap.

As far as implementing new protocols, the longer they wait, the longer it will take to make the change. There should be little or no problems to implement a new system alongside of the old one. Make it obvious at a glance that any e-mail address uses the new or old protocols, so you know which to send. Even better, develop better E-mail clients to automatically direct it to the proper system. If a user doesn't want to use the old protocol, they shouldn't be forced to. ISPs and other mail providers who refuse to implement new protocols would die off fairly fast, and it will be a moot point.

Just like the planned changes to provide more IP addresses, the current E-mail and usenet delivery systems are broken, and all aspects of the internet, e-mail and usenet must be fixed before it collapses like a 75 year old piece of machinery that spends more time being welded back together or machining repair parts that haven't been made in 45 years, than turning out salable product.

--
Michael A. Terrell
Central Florida
#36
Chuck Harris wrote:
> Michael A. Terrell wrote:
>> I do know that the entire e-mail system is a kludge of outdated bits and pieces of very simple software that were thrown in place with the belief that no one would ever abuse their crappy system. Guess what! They were morons, and the system is a piece of crap.

> Wow! For you to make a statement like that, you must have been quite a programmer back in the 1970s. How much of DARPANET did you implement? These guys invented an e-mail system where there was none before. The sheer fact that the system is still in common use 30+ years later shows me that these "morons" were pretty smart. How much of what you did in the 1970s is still in common use today?
> -Chuck, WA3UQV

Either you're thick headed, or you just like to argue. The original software for E-mail, usenet and the backbone of the internet never anticipated the size it is today. Insecure protocols, limited addresses on networks that are running out, and not doing a damn thing to fix the problems. The information super highway is quickly turning into another two lane gravel road with big chuck holes that make it harder and harder to keep patched.

I am sure none of the software I wrote years ago is in use anywhere. I was more involved in hardware, and 95% of my software was to test hardware that is obsolete. The rest was for personal use, and is long gone, too.

Now, tell me, how do they access the internet on the ISS? Don't bother, I built part of the equipment. It provides a data and video system with a 20 MHz bandwidth on KU band.

--
Michael A. Terrell
Central Florida
#38
Ed Price wrote:
> At work, I am getting ZERO Swens. But at home, that's completely different. I have a cable connection through Cox, and I'm getting 75 to 100 Swens per day. (The first couple of days, I had over a hundred per day.)

You guys got it easy. I'm still getting several hundred per day. I have my email program set to download every two minutes- only way to keep the server from bouncing good emails. Then my filters dump the garbage.

Is this thing just local to radio-related usenet users? I'd think if it were global, you'd hear more news stories about it.
#40
"David Stinson" wrote in message ...
> Ed Price wrote:
>> At work, I am getting ZERO Swens. But at home, that's completely different. I have a cable connection through Cox, and I'm getting 75 to 100 Swens per day. (The first couple of days, I had over a hundred per day.)

> You guys got it easy. I'm still getting several hundred per day. I have my email program set to download every two minutes- only way to keep the server from bouncing good emails. Then my filters dump the garbage.

> Is this thing just local to radio-related usenet users? I'd think if it were global, you'd hear more news stories about it.

I noticed the Swen within a few hours of its start. I knew something must be up, because my company's IT admin had sent an 8PM notice of his intent to shut down the corporate email servers in ANTICIPATION of a net attack. (I gotta find out who he talks to!) As soon as I saw that slick graphic, I knew this was going to be a big deal.

I watched the various TV newscasts over the next few days. Near total ignorance. And the few vague mentions seemed to confuse Swen with the earlier SoBig. As far as I could tell, all the major news outlets were at least 3 or 4 days behind the curve on the Swen attack. And even now, few mentions have been given to the one problem that is bugging me, and that's the simple byte volume that fills your mailbox till it gags.

Anyway, it's only gonna be a short time till the next attack of whatever hits. And Swen will be down in the noise level, and almost as forgotten as Melissa.

Ed
WB6WSN