[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Anti-spam laws do work, FYI. There's proof.

To: "Seth Breidbart" <sethb at panix.com>, <asrg at ietf.org>
Subject: Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
From: "George Ou" <george_ou at netzero.com>
Date: Tue, 27 Jul 2004 17:58:38 -0700
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <200407272307.TAA19637@ietf.org> <200407272350.i6RNohF07602@panix5.panix.com>
Sender: asrg-bounces at ietf.org

----- Original Message ----- 
From: "Seth Breidbart" <sethb at panix.com>
To: <asrg at ietf.org>
Sent: Tuesday, July 27, 2004 4:50 PM
Subject: Re: [Asrg] Anti-spam laws do work, FYI. There's proof.

> "Larry Seltzer" <larry at larryseltzer.com> wrote:
>
> >>>Spammers' primary methodology is using hijacked (infected) PCs as spam
> > zombies. All you'd know is the id of the hijacked PC, which you already
> > trivially knew.
> >
> > Except that SPF would stop all of these zombied systems. None of the
> > mail from them would authenticate. In a world where SPF is followed,
> > none of the mail is accepted.
>
> Except it wouldn't: spammer registers throwaway domains, points their
> SPF records at the zombies.  (It gets easier to block, by seeing which
> nameservers provide the SPF records, but it's still an arms race.)

The fact of the matter is, blocking an SPF/SenderID domain because of abuse
is a lot more broad in scope than blocking the hash of a single message, yet
DCC is already the most effective means of combating spam.  Why would you
not want a DCC type mechanism that blocks at the SMTP domain level once
SenderID is enforced?

And the same arguments of measure counter-measure go round and round.  Of
course it is an arms race, that is obvious.  Are you somehow suggesting we
not take this measure?  If not, why do you state the obvious?  We're already
behind in the arms race as it is.  Lets move on and get this SenderID ball
rolling and figure out the next step, rather than pontificate why SenderID
will ultimately not be strong enough by itself so why bother with it in the
first place.  That certainly isn't very productive.

George Ou

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
  - From: Seth Breidbart

References:
- RE: [Asrg] Anti-spam laws do work, FYI. There's proof.
  - From: Larry Seltzer
- Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
  - From: Seth Breidbart

Prev by Date: Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
Next by Date: Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
Previous by thread: Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
Next by thread: Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
Index(es):
- Date
- Thread