[ISN] Re: IBM offers "strikeback" service to counter spammers

[InfoSec News]

Forwarded from: security curmudgeon <jericho at attrition.org>

: http://money.cnn.com/2005/03/22/technology/ibm_spam/index.htm?cnn=yes
:
: March 22, 2005: 12:22 PM EST
:
: NEW YORK (CNN/Money) - IBM unveiled a service Tuesday that sends
: unwanted e-mails back to the spammers who sent them.

Jeez, not only is IBM years behind the bandwagon as usual, they are
jumping on a broken bandwagon full of dangerous moving parts.

: The new IBM (Research) service, known as FairUCE, essentially uses a
: giant database to identify computers that are sending spam. E-mails
: coming from a computer on the spam database are sent directly back to
: the computer, not just the e-mail account, that sent them.

This is entirely worthless as a paragraph and explanation for what IBM
plans to do. Most machines that are sending spam are Joe User's home
computer that has been compromised by a spammer, trojan or worm. Most
of these computers don't run a SMTP server to receive e-mail. Most of
these machines have nothing to do with the person truly sending the
spam. Most of these computers have no tie to the "e-mail account" of
the person sending them.

All this will do is shove a lot of unwanted mail to victims of
computer crime, not the perpetrator of the spam. Most of this mail
will not be delivered and cause more bounces back to IBM causing more
headache.

: "By creating a multi-layered defense that proactively repels spam at its
: source, companies can get ahead of spammers and malicious hackers who
: are always looking for new ways of penetrating IT systems through
: e-mail."

Uh hello IBM, sending spam back at people isn't "defense", that is
"offense".

: IBM said the new solution effectively minimizes the growing threats of
: "phishing and spoofing -- tactics used to trick people into disclosing
: information that can lead to identity theft."

Sending spam back at the source of the spam hitting your network does
not reduce any threats. Spam, phising and spoofed mails still come in
from a ton of other sources, possibly even the same hosts IBM is
'spamming' back.

: IBM has previously offered anti-spam filter technology, but this is the
: first time the company has developed technology to "send spam back to
: the spammer," according to IBM spokeswoman Kelli Gail. IBM is not
: concerned about liability, even in cases where innocent senders might be
: misidentified as spammers, because all the technology does is bounce
: back the e-mails, said Gail.

This is a dangerous game to play in this day and age of spoofed
emails. I do not send spam to anyone, yet every day I receive bounces
suggesting that my email address is used as the 'from' line of
hundreds, maybe thousands of mail. If IBM decides to send me these
mails back instead of deleting them, they will be originating a denial
of service style attack on me, when I wasn't the perpetrator or the
innocent *sender*.

IBM can count on thousands of admins blocking all of the IBM domain/IP
space to avoid this headache. I hope their customers understand this
when they start to have problems reaching the rest of the internet.