[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Asrg] Is there anything good enough? - Spoofing stats

To: "'asrg@ietf.org'" <asrg@ietf.org>, Barry Shein <bzs@world.std.com>, Alan DeKok <aland@freeradius.org>
Subject: RE: [Asrg] Is there anything good enough? - Spoofing stats
From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
Date: Wed, 7 May 2003 14:58:24 -0700
List-archive: <https://www1.ietf.org/pipermail/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-admin@ietf.org

We have very similar statistics, spoofing is very common.

The reason the spam senders do it is that they do not want to
leave a trail.

Quite why it is worthwhile to send out huge volumes of spam
without any means of contacting the purported vendor cannot
be said with certainty at this point. I have theories but
I prefer to share them with law enforcement.

		Phill

> -----Original Message-----
> From: David Walker [mailto:antispam@grax.com]
> Sent: Wednesday, May 07, 2003 11:59 AM
> To: Barry Shein; Alan DeKok
> Cc: asrg@ietf.org
> Subject: Re: [Asrg] Is there anything good enough? - Spoofing stats
> 
> 
> With regards to spoofing being a minor problem.
> Out of 3130 denied messages 
> (to accounts I had to stop because they were receiving 100% spam)
>  @juno.com                                        |    36
>  @netscape.com                                    |    38
>  @email.com                                       |    40
>  @excite.com                                      |    50
>  @lycos.com                                       |    50
>  @earthlink.net                                   |    71
>  @msn.com                                         |    72
>  @yemenmail.com                                   |    93
>  @hotmail.com                                     |   241
>  @aol.com                                         |   298
>  @yahoo.com                                       |   311
> Total | 1300
> 
> 1300 out of 3130 = 41% of all my denies are very high 
> likelyhood spoofs from 
> the popular domains
> 1050 out of 3130 = 34% are guaranteed spoofs (The helo name 
> is not remotely 
> associated with the spoofed domain) from the popular domains.
> (These numbers do not represent all spoofing I receive but 
> rather just the 
> spoofing to popular domains)
> 
> So it doesn't look like a minor problem to me.  Sure it is 
> easy to avoid by
> 1. switching to domains that have not implemented RMX yet
> 2. by setting up your own domains
> but in the first case the DNS admin would have a tool to 
> fight them (he can 
> configure his RMX records) and with the second there is a 
> cost involved.
> 
> Assuming just the 11 domains and I implement RMX it becomes 
> useful as I could 
> receive messages from my friends and family that use those services.
> 
> On Tuesday 06 May 2003 05:26 pm, Barry Shein wrote:
> > No, the problem is that this spoofing is a minor problem and any
> > solution is easily evaded by spammers.
> 
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg
> 
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Prev by Date: RE: [Asrg] seeking comments on new RMX article
Next by Date: Fwd: RE: [Asrg] Let's start again at the beginning...
Previous by thread: RE: Consent (was Re: [Asrg] seeking comments on new RMX article )
Next by thread: RE: [Asrg] Is there anything good enough? - Spoofing stats
Index(es):
- Date
- Thread