US Military Looks For Massive Spam Solution 228
Several users have pointed out a recent request to technology companies from the Defense Information System Agency for ideas on how to build an e-mail defense system to catch spam. The solution would have to scan about 50 million inbound messages a day across some 700 unclassified network domains. "Defense currently scans e-mails for viruses and spam coming into systems serving the military services, commands or units. DISA wants to extend the protection to the interface between the Internet and its unclassified network, the Non-classified Internet Protocol Router Network. The agency also wants the ability to scan all outbound e-mails from the 5 million users. [...] DISA's request ties in with recommendations that the Defense Science Board issued in April that said Defense is more vulnerable to cyberattacks because of its decentralized networks and systems. The board envisioned a major role for DISA in developing the architecture for enterprise-wide systems."
Re:Only one way to be sure (Score:5, Insightful)
Nuke spammers from orbit.
But then how will I be able to refinance my mortgage while getting that penis enlargement using the money I won in the British lottery?
I'm convinced that the only real solution to spam is to find the people who are stupid enough to buy the products offered via spam and beat the ever living shit out of them. The spammers wouldn't keep doing it if people didn't keep buying their shit.....
Re:Router level solution (Score:3, Insightful)
Re:Router level solution (Score:3, Insightful)
(X) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(X) Infrastructure costs that are involved in deep packet inspection on the core routers
(X) Privacy concerns in letting ISPs perform deep packet inspection on the core routers
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(X) Countermeasures should not involve sabotage of public networks
(X) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(X) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
In other words ... (Score:4, Insightful)
NOT!
Here goes another few hundred million .... *sigh*
If we really believe in taxation without representation then my unborn baby should be able to vote already ...
Re:Router level solution (Score:3, Insightful)
Whats the difference between legitimate listserv messages and spam in your scenario?
Re:Why bother with an IT solution? (Score:4, Insightful)
I'm constantly stunned that given the damage spam creates, special branches aren't more active in tracking and _eliminating_ the sources of these things.
But no one yet understands the damage spam creates except for those of us with an IT bent. Back in WWII days and directly after, Radiation was your friend. It could do everything for the man of tomorrow! The first people to learn how dangerous it really was were the scientists getting really bad radiation poisoning and cancer. Even after that, it took a while for the public to switch from Radiation==Good to Radiation==NotGood, and even then, they over-simplified to the point that people still fear irradiated foods (which are not radioactive).
What we need are some public service announcements: "Unrequested mass mailings use our nation's internet bandwidth, reducing our GDP, making it easier for the terrorists to win, and have a carbon footprint equal to 5,000,000 cattle, a Rush Limbaugh, and a Michael Moore. You can do your part to help! Change your email default viewing to 'text only' so you don't load their images. Stop clicking on their links. Send them to your junk folder. Report them if your email system has a spam-reporting function. Like Spamsy the Cat says: 'I may be lazy, but even I can stop spam just by doing nothing!'"
Uh, we scan about 50 million messages a week. (Score:5, Insightful)
9 servers. 50 million messages a week. Those 9 servers cost maybe $3,000 each. We have 9 servers because we want some redundancy. So let say you multiply that by 7. So you get ~50 machines to handle the army's volume. $150,000. Plus all the extras, so multiply that by 6. That's about a million dollars.
Seriously? From the article they say it would cost $100 million. Do you really think that is going to cost $100 million dollars? Seriously?
WTF. I need to become a DoD contractor.
Kill The Spammers (Score:3, Insightful)
Nope, try again. (Score:3, Insightful)
Then I cut off you. After all, you didn't pay. Now no one on my network can email anyone on yours.
Back to the old drawing board.
Re:Only one way to be sure (Score:3, Insightful)
You assume that spammers have a network to attack. I assure you, they do not. All this spam is coming from large networks of zombie machines. To launch a cyberattack on the source of the spam would effectively be a scorched Earth tactic. It might get rid of your spam, but it will also get rid of the architecture you're defending...
Re:Only one way to be sure (Score:5, Insightful)
In which case the proper word would be indefinitely.
Something that lacks a definable limit is not inherently infinite.
Re:Uh, we scan about 50 million messages a week. (Score:4, Insightful)
Ok, now you can't just stand up 50 machines to handle email. They have to be coordinated (and load-balanced).
Plus you have to have test and dev boxes. (Because you aren't doing that on live boxes, right?)
So, lets add a few high-end ethernet switches in. And don't forget things like DNS boxes (to cache, so you have decent performance for all the DNS lookups most spam systems do these days), and a few really high-end firewalls. Oh, and racks to mount these all in, plus cabling. And a power supply. (Not the ones in the boxes, the one outside the building converting the mains power to 110. You'll need at least one extra.) Oh, which reminds me: Better have a backup generator. And a failover UPS for the whole place.
Heck, you may need a new building to put all this in. Which will need an HVAC system, of course.
Oh, and those machines won't run themselves. So you'll need to hire a few people; fairly qualified admins.
Which mean they need desks, computers, monitors, chairs, phones, pagers, possibly laptops.
And it's a decent-sized team, so remember to fund their manager, and possibly an HR person for them too.
We haven't mentioned the actual data line yet. It's going to have to be a big one, probably installed especially for this. Oh, and you'll want it redundant. So, make that two. (And better remember how much it is going to cost just to negotiate for those lines: That's several man-months of time, most likely.)
Of course, we haven't talked software yet: Likely you'll want Unix/Linux, but for this you'll probably want an official support contract. Which covers the OS. We'll also want one on whatever anti-spam package we are using. And possibly one on a monitoring package, to help keep track of when it is up. There may be others as well.
Oh, and for full redundancy, you'll probably want to set up at least two separate sites. So, double most of the above. (We'll use the same admins for both.)
Hmm. Haven't talked backups yet. That's probably going off-site. A few more computers, a tape machine, off-site transport, admins to run all of it...
So, um, how long is that $100 million supposed to last for anyway?
Re:Only one way to be sure (Score:1, Insightful)
given that you are stating that using finite time and resources spammers can send an infinite amount of emails, then I'd say that you don't really know what "infinity" means. Either that or you don't know what "literally" means.
Last time I checked, finite but very large is still a lot smaller than infinite.
Re:Only one way to be sure (Score:1, Insightful)
Queue the flood of responses saying that ISP should not be the Internet police, blah blah blah. It will only serve to help them, by lessening the amount of traffic going across their data lines, leaving more bandwidth available for legitimate web traffic. Hell, they could even make it an opt-in service, so that the user gets the choice of whether or not they want to help solve the problem of Internet Spam.
Re:Only one way to be sure (Score:1, Insightful)
No it can't, there is no number large enough it "might as well be infinite".
Re:Only one way to be sure (Score:2, Insightful)
Some more basic math: zero != near zero
Some basic physics: Spammers *cannot* send literally infinite numbers of spam messages, for any cost.
Some basic economics: "very little cost" != "no cost".
Some basic statistics: You don't get to determine the actual response rate by dividing actual responses by the potential number of messages you claim they *could* send, even if that number was somehow right.
Some basic logic: The fact that your argument gives a particular conclusion (namely, that 1 or more sales out of an infinity of attempts is a 0% response rate) does not mean that the converse holds (namely, that a 0% response rate means that there was 1 or more sale).