[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Asrg] RE: 2.a.1 Analysis of Actual Spam Data - Titan Key reduces spam attacks
I think you pose some very good questions, although much of your
questions are based on a incorrect assumption: that the "false-550"
spoof attempts to send an NSU message to the sender, which it does not.
If you hand-type an smtp transaction and attempt to send an email to a
known non-existent recipient you'll see what I mean.
So perhaps after you've gone through that exercise, you will see that an
NSU email is not sent to the recipient and you can restructure your
questions in a tighter context.
If you need clearer direction don't hesitate to email me off-list.
Peter
> -----Original Message-----
> From: Terry Sullivan [mailto:terry@pantos.org]
> Sent: Wednesday, August 06, 2003 11:19 AM
> To: asrg@ietf.org
> Subject: RE: [Asrg] RE: 2.a.1 Analysis of Actual Spam Data -
> Titan Key reduces spam attacks
>
>
> On Mon, 4 Aug 2003 06:41:50 -1000
> "Peter Kay" <peter@titankey.com> wrote:
>
> > I do believe that techniques using a
> > 550/NSU response are effective in truly
> > reducing spam...
>
> It'd be interesting to hear a focused, clearly articulated case
> identifying exactly how a "false-550" spoof could possibly affect
> spam volume. Ideally, the case should explicitly address the
> following points:
>
> I. The return address on the majority of spam is either:
>
> A. utterly nonexistent, consisting of either:
> 1. forged username (e.g., yxal88qz@sbc.net)
> 2. non-existent domain (e.g., Fred@NoSuchDomain.com)
>
> B. a legitimate address of an innocent party, pulled at
> random from the spammer's database of email addresses
>
> II. The false-550 notices:
>
> A. Cannot possibly be delivered to the nonexistent
> addresses identified in I.A, and therefore cannot
> possibly affect spam volume.
>
> B. Are deliverable to I.B addresses, but since the
> I.B recipients are not the source of the original
> spam, it's difficult to imagine precisely how the
> false-550 message would/could influence the amount
> of spam sent by someone else.
>
> III. The small fraction of bulk email that actually bears
> the spammer's true return address can be handled and
> eliminated without resorting to deceptive, high-volume
> automatically-generated email.
>
> There are also several tangential points that would be crucial in
> building a business case for the false-550 approach:
>
> 1. For every spam bearing a I.A.1 forged username, the
> false-550 approach generates, directly or indirectly,
> a minimum of 4 additional automated emails, thus
> effectively quintupling the burden on shared network
> resources. *Everyone* ends up paying higher costs
> associated with a 5-fold increase in unnecessary
> automated email.
>
> 2. When a false-550 message arrives in the InBox of an
> innocent 3rd party (I.B addresses), it constitutes
> an unsolicted, deceptive, automated email, whose sole
> purpose is to promote the vested interests of the
> sender at the expense of the recipient (i.e., SPAM).
> Individuals/organizations who send a false-550 should
> not be surprised to find that some folks think of them
> (and treat them) as spammers.
>
> 3. Every time a false-550 message is sent to someone who
> has attempted to undertake an innocent correspondence,
> the very act of replying with a *false message* impacts
> the sender's credibility. (It amounts to saying, "Some
> people take advantage of open communication, so here at
> XYZ Corp., we believe that every conversation with a
> stranger should begin with a lie.")
>
>
>
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg
>
>
>
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg