At 05:46 PM 4/16/2003 -0400, Kee Hinckley wrote:
At 12:27 PM -0500 4/16/03, Brad Spencer wrote:The simple fact that twenty million people are not going to set up a system which can be easily defeated by a mediocre programmer in an afternoon.At 06:08 PM 4/16/2003 +0100, Jon Kyme wrote:I don't see that there's what the charter calls "a realistic chance of wide-scale deployment" for what you propose.What evaluation of the chances have you done?
Who said an afternoon?
Your entire concept depends on the assumption that the spammer won't be able to tell that their email isn't being delivered.The concept is to fight all aspects of the abuse spammers commit to send spam using open proxies and open relays.
That requires that the dummy addresses be reliable and at the same time so unremarkable that no honeypot operator will tumble to it. It is not as simple as you say. In addition the concept is greater than that of simple relay spam honeypots. I have been this year, mostly just trapping relay tests. The spammers can easily detect that but their protection is to stop testing. That makes that IP safe form the spammer no matter how it might change. Do enough IP's in an entire range or protect the entire range at the ISP level and the spammer can no longer abuse any of that range.Yet detecting deliverability is trivial. You can do it with dummy addresses.
You can do it with test addresses that get the bounce-back. The fact spammers don't do it now means only that you haven't done anything worth their notice.Yes, and a 3rd way you haven't mentioned (which would be wickedly clever but I've already anticipated it.) So far many spammers do none of these things, are not prepared to do any of these things.
Please. You've made your case. Nobody buys it. When you have something new to present, we'll be happy to listen.
Hell - let me know when ASRG accomplishes anything at all. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg