Re: [Asrg] [IP] do-not-email list canned
gep2 at terabites.com wrote:
> >>>>I'm curious to know how a zombie machine will have a legitimate SPF,
> CallerID, or Domain Key. Are you suggesting each worm/virus infected zombie
> will somehow register its own legitimate domain and authoritative DNS server?
>
> No. Clearly they could use the mail authorization (and maybe even the mail
> client) of the host computer they've infected.
Maybe, but not necessarily. There are much nastier scenarios.
For instance, spammer owns SpamDomain. He sets the nameservice via a
bunch of zombies so that several zombies are the DNS (SPF, etc.)
servers. When another zombie is about to start sending, it
communicates with the servers, and its IP address gets added to the
list. Then it shows up as an "approved sender" for SpamDomain. Sure,
SpamDomain gets burned, but domains are still fairly cheap, and
spammers run through lots of them now.
> Comcast has what, six million subscribers? AOL has more, and
> swbell.net probably does too. And those users will be able to send
> via ANY E-mail server approved for use from the swbell.net domain
> (making Wong's SPF nearly worthless, for example).
What SPF does is protect _me_ because the spammer's zombie can't get
away with a claim to be _my domain_. That helps me avoid bounceback
DoS.
Seth
_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg