% fortune -ae paul murphy

SPAM and the free lunch

The biggest unrecognized opportunity out there for getting rid of SPAM and putting a real dent in phishing and related attacks rests on two simple observations: first, that the internet is a collection of smaller networks; and second, that there's no such thing as a free lunch.

For every internet access there's someone, somewhere, writing a check - and holding that person, group, or organization responsible for what's put on the shared network in their name is both easy and likely to be effective against access abuse.

To do it, first modify the TCP and related packet header standards to allocate one of the currently unused slots to an authenticated origin identifier; and second, add a matching repeating field for handler identifiers at the end of the packet payload.

For every account there is at least one point of access to the shared global infrastructure - and every connection between a private network or computer device and the shared infrastructure is mediated by a router or router-like device. These devices are therefore perfectly positioned to sign every packet they pass with the account holder's unique ID for that connection.

These identifiers can be signed using public key signature technology - and every new router or piece of routing software can be made part of a ring to recognize, encode, and verify these signatures.

Routers passing the packet on after it's placed on the shared network can insert their own signatures at the end of the payload - thus producing a backtrace on where the packet's been.

With this in place, arriving packets originally encoded with fake source identifiers will still carry clearly embedded backtrails pointing to a very small number of possible real sources. Because differentiating among those would be trivial for the network services suppliers, the incentive to corrupt the system by reprogramming source routers simply wouldn't be there.
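The signing and backtrace scheme sketched above, worked through as an added example that is not part of the column and not any vendor's router code. It assumes a packet represented as a Python dict, a constructed key ring and billing table, and HMAC-SHA256 with per-router secrets standing in for the public key signatures the column describes, so that it runs with the standard library only. The verifier checks the origin stamp against the edge router's key and the account billed for that connection, then walks the handler chain; a forged origin stamp fails, but the chain still identifies the router where the packet entered the shared network.

```python
import hashlib
import hmac

# Constructed key ring (an assumption for this example): one secret per router.
# The column calls for public key signatures; HMAC is a stand-in so the example
# needs nothing outside the standard library.
KEY_RING = {
    "edge-A": b"edge-A-secret",
    "edge-B": b"edge-B-secret",
    "core-1": b"core-1-secret",
    "core-2": b"core-2-secret",
}

# Constructed billing table: which account pays for the connection behind each edge router.
ACCOUNT_FOR_EDGE = {"edge-A": "acct-1001", "edge-B": "acct-2002"}


def _mac(key, *parts):
    """HMAC over length-prefixed parts, so (a, bc) and (ab, c) cannot collide."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.hexdigest()


def originate(edge, payload, claimed_account=None, signing_key=None):
    """The edge router stamps the packet with the account holder's ID and signs it.
    claimed_account and signing_key exist only so the example can construct a
    forged origin stamp; an honest edge uses its own key and billed account."""
    account = claimed_account or ACCOUNT_FOR_EDGE[edge]
    key = signing_key or KEY_RING[edge]
    sig = _mac(key, edge.encode(), account.encode(), payload)
    return {"payload": payload,
            "origin": {"edge": edge, "account": account, "sig": sig},
            "trail": []}


def handle(packet, router):
    """A transit router appends its own signature, chained to the previous one."""
    prev = packet["trail"][-1]["sig"] if packet["trail"] else packet["origin"]["sig"]
    sig = _mac(KEY_RING[router], router.encode(), prev.encode(), packet["payload"])
    packet["trail"].append({"router": router, "sig": sig})
    return packet


def verify(packet):
    """Check the origin stamp and the handler chain at the receiving end.

    Returns a dict with origin_ok, the accountable account (only when the stamp
    verifies AND matches the billing table), the first verified handler (where
    the packet entered the shared network) and the verified trail."""
    payload = packet["payload"]
    origin = packet["origin"]
    origin_ok = False
    edge_key = KEY_RING.get(origin["edge"])
    if edge_key is not None:
        expected = _mac(edge_key, origin["edge"].encode(), origin["account"].encode(), payload)
        origin_ok = (hmac.compare_digest(expected, origin["sig"])
                     and ACCOUNT_FOR_EDGE.get(origin["edge"]) == origin["account"])

    # Walk the chain forward; stop at the first hop that does not verify.
    verified = []
    prev = origin["sig"]
    for hop in packet["trail"]:
        key = KEY_RING.get(hop["router"])
        if key is None:
            break
        expected = _mac(key, hop["router"].encode(), prev.encode(), payload)
        if not hmac.compare_digest(expected, hop["sig"]):
            break
        verified.append(hop["router"])
        prev = hop["sig"]

    return {"origin_ok": origin_ok,
            "account": origin["account"] if origin_ok else None,
            "entry_router": verified[0] if verified else None,
            "verified_trail": verified}


def demo():
    """Three constructed packets: honest, forged origin, payload altered in transit."""
    honest = handle(handle(originate("edge-A", b"hello"), "core-1"), "core-2")
    # A reprogrammed edge stamps a made-up account with a key not in the ring.
    forged = originate("edge-B", b"buy now", claimed_account="acct-9999",
                       signing_key=b"attacker-key")
    forged = handle(handle(forged, "core-1"), "core-2")
    tampered = handle(originate("edge-A", b"hello"), "core-1")
    tampered["payload"] = b"hellp"          # altered after core-1 signed it
    tampered = handle(tampered, "core-2")
    return {"honest": verify(honest), "forged": verify(forged), "tampered": verify(tampered)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The forged packet is the case the column's "backtrail" argument depends on: the origin stamp does not verify, so no account is blamed from it, but core-1's signature over that very stamp still verifies, which narrows the real source to whatever connects to core-1. Note also that an honest edge stamping an account it is not billed for fails the billing-table check even though its signature is genuine.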

The technology can be introduced slowly, but once it reaches critical mass three things become possible:

  1. because every arriving packet can be traced to a verified originator, direct network attacks instantly become impractically risky for the attackers;

  2. because every arriving packet can be traced to a verified originator, it becomes possible to spam the spammers - something that will quickly put them out of business; and,

  3. because every arriving packet can be traced to a verified originator, it becomes possible to stop phishing attacks when the first one is recognized.

The downside, of course, is that botnets and other mechanisms preying on the foolish will expose the people and organizations whose gear is being abused to further abuse. If, for example, a municipal Wi-Fi provider's system is abused to send a few million junk emails, the office paying the bills could get a few angry calls - and, if my idea of returning SPAM ten for one catches on, tens of millions of SPAM hits.

It sounds bad, but I don't actually see anything wrong with holding the people who pay to provide attack tools used against us responsible for stopping that abuse. Basically, if you ignore common operational standards to make it easy for bad guys to use your gear to send other people junk mail, phishing attacks, or hacker payload packets - then why shouldn't the victims be allowed to demand that you change your behavior?

This isn't rocket science, and it isn't expensive - what it is, is safe, effective, and fair - so my only real question is: why aren't we doing this already?

Paul Murphy wrote and published The Unix Guide to Defenestration. Murphy is a 25-year veteran of the I.T. consulting industry, specializing in Unix and Unix-related management issues.