Friday, 1. April 2005
Following my piece about spamcop.or.kr yesterday I did what I said I would and submitted a fresh spam sample, only an hour or two old, which had been delivered to a spamtrap here via a compromised Korean home computer running a malware proxy.
I must say I was not optimistic but was surprised to have a direct, personal response from a senior security officer at the Korea Internet Exchange in Seoul only about 30 minutes later.
There followed a brief exchange of emails and my surprise turned to delight on being told of Korea's audacious plan to tackle the problem of Internet abuse there head on.
Internet service to all Korean subscribers is controlled almost exclusively by only 4 or 5 ISPs including Dacom, Boranet, Hanaro and Korea Telecom and this perhaps makes any new strategy a little easier to realise. These companies have joined forces to implement a plan which is expected to deliver within a 3-4 month timescale what ASTA promised and failed to deliver for a substantial number of large, western ISPs.
- Every supplier of domestic IP connectivity, including connectivity to Internet cafes and the game plazas which are so popular in Korea, will implement a transparent proxy layer which will force all port 25 traffic to route through each supplier's own mail core. No more direct-to-MX on port 25. Korean users who need access to SMTP MSAs as defined in RFC2476 will continue to be able to use port 587 for these purposes completely unencumbered.
- Additionally, a throttling mechanism will be used to limit the rate at which SMTP transactions may be completed via ISPs' mail cores. This will include a daily cap of 100 emails per domestic IP.
- Sophisticated appliances not unlike Trend Micro's virus wall will be installed at major peering points in order to act as early warning of compromised domestic and similar systems, and users of these systems will be automatically routed to a quarantine network with very limited capability until they have been cleaned up.
- It will become an offence punishable by a large fine and ultimately by disconnection from the Internet knowingly to continue to operate a compromised system for more than 72 hours after being notified.
- The main Korean ISPs plan to implement the All Korea Whitelist (AKWL), a DNS whitelist which will publish details of their mail cores. This will make it easier for sites outside Korea to select which Korean email they will accept.
- Business users will not have restricted port 25 access but will face similar penalties should they operate a compromised system for an extended period. They will however be permitted to include their mail hosts in the All Korea Whitelist on completion of a six month probationary period with no incidents.
- ... and all Korean hosts sending email on port 25 will be required to have a valid DNS PTR record.
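How a receiving site outside Korea might apply the whitelist and PTR points above, as an added example that is not part of the original post. It assumes the whitelist is queried with the usual reversed-octet DNS list convention (RFC 5782), uses the placeholder zone `akwl.example` because the post gives no zone name, treats a "valid" PTR as one that forward-confirms, and runs against constructed sample records instead of live DNS; the accept/scrutinize/reject policy is also an assumption.

```python
import ipaddress

AKWL_ZONE = "akwl.example"  # placeholder: the post gives no real zone name

def dnswl_query_name(ip, zone=AKWL_ZONE):
    """Reversed-octet query name, the usual DNS list convention (RFC 5782)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def has_confirmed_ptr(ip, lookup):
    """True if a PTR exists and one of its names resolves back to the same IP."""
    ptr_name = ipaddress.IPv4Address(ip).reverse_pointer
    for host in lookup(ptr_name, "PTR"):
        if ip in lookup(host.rstrip("."), "A"):
            return True
    return False

def classify_sender(ip, lookup):
    """Assumed receiver policy: no valid PTR -> reject; listed -> accept."""
    if not has_confirmed_ptr(ip, lookup):
        return "reject"
    if lookup(dnswl_query_name(ip), "A"):
        return "accept"
    return "scrutinize"  # valid PTR but not a whitelisted mail core

# Constructed sample records (documentation address ranges, not real hosts).
SAMPLE_DNS = {
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail1.isp.example."],
    ("mail1.isp.example", "A"): ["192.0.2.10"],
    ("10.2.0.192.akwl.example", "A"): ["127.0.0.2"],
    ("77.100.51.198.in-addr.arpa", "PTR"): ["host77.dsl.example."],
    ("host77.dsl.example", "A"): ["198.51.100.77"],
    # PTR claims to be the mail core, but that name does not resolve back
    ("9.113.0.203.in-addr.arpa", "PTR"): ["mail1.isp.example."],
}

def sample_lookup(name, rtype):
    """Stand-in resolver over SAMPLE_DNS; a real deployment would query DNS."""
    return SAMPLE_DNS.get((name.lower(), rtype), [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.77", "203.0.113.9", "203.0.113.5"):
        print(ip, classify_sender(ip, sample_lookup))
```

The third sample address shows why the PTR check has to forward-confirm: a reverse record that merely names a whitelisted mail core is not enough on its own.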
If Korea can do this, then so can everyone else but perhaps the sight of a pariah like Korea cleaning up its act will provide a new incentive for others to follow suit.