Some people opine that having the email sender be responsible for its storage would reduce spam. That may be so, but I see doing so empowers DoS attackers with another means to carry their deeds.
In the proposed infrastructure change, a sender would put the message on his/her server and send a brief notification to the addressees. The addressees' clients then pulls the email from the location specified in the notification. In that world, a DoS attacker can work with a spammer to send bogus notification messages to a large number of clients. The messages direct the clients to pull an email from the victim's server. When the clients do so, they slashdot the victim's server.
I do not see a sure way to prevent clients from retrieving the email. A client that automatically heeds all notification messages is certainly not preventable. But a client that fully defers to human moderation may also participate in the slashdotting as well. After all, users are as much part of the problems as the spammers in current spam problem.
Blacklisting the victim's server is also a non-solution because that could be what the attacker wants or interferes with legitimate email retrievals. Blacklisting a mail URI is slightly better but still not a good solution because URIs are cheap.
If this infrastructure becomes common place, DoS attackers no longer have to construct a botnet because the whole Internet just becomes a super gargantuan botnet.
No comments:
Post a Comment