The Sobig worm continues to fill up my spam box and I can barely comprehend the number of people whose systems are compromised. I have rarely understood the real size of the internet.
For most of my systems SoBig is not a major problem. I don’t use Outlook and I have enough mail rules and Bayesian filtering going on that both the worm and the useless bounces it triggers are spirited away.
One system has been affected, however. A friend and I share a domain name with a small website and a few email accounts hosted by an Australian hosting service. One of those accounts is mine and I think it appears in a few Tomcat files and mail archives. Not many, but a few. When SoBig.F went off this email address received an incredible number of emails. The provider claims something like 8000 mails in two days and about 6 Gig of email traffic to my email account.
Personally, given SoBig’s 100k payload, I don’t think the numbers add up, but the result is that the provider suspended our account and will not reinstate it unless we upgrade to a more expensive plan (10 times more). So this is affecting not just my email account, which I don’t really use anymore, but also my friend’s email accounts and our site. More than likely we’ll move to a US provider where traffic is less of an issue, but what about the next SoBig? I understand the provider’s point of view, but it also feels unfair that I, and especially my friend, are affected.
Having contributed to projects like Ant and the associated mailing lists, my email address is on a lot of websites, mail archives and even a lot of people’s systems. I feel a little like Typhoid Mary.
I think email, as it is currently implemented, cannot go on for much longer. Some people call email the internet killer-app, but it’s becoming the internet-killer app. I don’t know how to change it and whether it can be done quickly enough but change it must.
At the very least, I’d like to see some validation of the sending address to stop the spoofing. I don’t know the details, but something along these lines: if you send from a particular domain, that domain provides a lookup service specifying which IP ranges mail from a particular email address can legitimately be sourced from.
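The lookup scheme sketched above, worked through as an added example that is not part of the original post (it is essentially the idea later standardised as SPF): a receiving mail server takes the domain of the envelope sender, fetches the networks that domain says its mail may originate from, and checks the connecting IP against them. The published ranges and the sample deliveries are constructed for the example; in a real deployment a DNS record would play the role of the lookup service.

```python
import ipaddress

# Constructed sample "policy records": each domain lists the networks its
# outgoing mail may come from. A DNS TXT record would be the natural lookup
# service; this dictionary is an assumed stand-in so the example runs offline.
PUBLISHED_SOURCE_RANGES = {
    "example.com": ["192.0.2.0/24", "2001:db8:1::/48"],
    "example.org": ["198.51.100.10/32"],
}

def lookup_source_ranges(domain):
    """Networks published by the domain, or None if it publishes no policy."""
    ranges = PUBLISHED_SOURCE_RANGES.get(domain.lower())
    if ranges is None:
        return None
    return [ipaddress.ip_network(r) for r in ranges]

def sender_domain(address):
    """Domain part of an envelope sender such as 'alice@example.com'."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower()

def check_sender(envelope_from, connecting_ip):
    """Return 'pass', 'fail' or 'none' for one delivery attempt.
    'none' means the sender's domain publishes nothing, so the receiver can
    draw no conclusion (the common case while such a scheme is new)."""
    domain = sender_domain(envelope_from)
    if domain is None:
        return "fail"  # malformed sender: never accept it as verified
    networks = lookup_source_ranges(domain)
    if networks is None:
        return "none"
    ip = ipaddress.ip_address(connecting_ip)
    # An IPv4 address is never inside an IPv6 network (and vice versa).
    return "pass" if any(ip in net for net in networks) else "fail"

# Constructed sample deliveries: (envelope sender, IP of the connecting host).
SAMPLE_DELIVERIES = [
    ("alice@example.com", "192.0.2.25"),    # the domain's genuine mail server
    ("alice@example.com", "203.0.113.77"),  # infected PC elsewhere, spoofing alice
    ("bob@example.org", "2001:db8:1::5"),   # host inside another domain's range
    ("carol@example.net", "203.0.113.9"),   # domain publishes no policy at all
]

def classify_all(deliveries=SAMPLE_DELIVERIES):
    return [(s, ip, check_sender(s, ip)) for s, ip in deliveries]
```

A receiving server would reject or quarantine 'fail' results before accepting the message, which is also what would stop the flood of bounces to the forged address described earlier in the post.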
While these current worms are enabled by Microsoft products, I don’t think other systems are inherently more secure, probably just less pervasive. I’d say the real problem is in the underlying email infrastructure and its lack of security. I hope the email providers step up to the plate here. Our provider will lose our business and they are probably happy to see us go, but we won’t be the last unless the infrastructure changes.