
Re: [Asrg] Anti-spam laws do work, FYI. There's proof.



----- Original Message ----- 
From: "Barry Shein" <bzs at world.std.com>
To: "Larry Seltzer" <larry at larryseltzer.com>
Cc: <asrg at ietf.org>; "'Barry Shein'" <bzs at world.std.com>
Sent: Tuesday, July 27, 2004 8:28 PM
Subject: RE: [Asrg] Anti-spam laws do work, FYI. There's proof.

> Replace the words in your message:
>
>  > SPF-compliant MTAs would reject the messages. Nobody would receive them.
>  > The worm would not spread.
>
> With:
>
>  Rates are at a 40 year low! Go to getrippedoffnow.com for a
>  new mortgage! And buy some herbal viagra there too!
>
> Now how exactly does SPF stop you from sending that out?
>
> And what do you mean "worm"? What worm?

I believe the two of you are talking about 2 different things here.  This
too has been gone over many times.  You're talking about malware (or an
unscrupulous person) using his legitimate SMTP account to send spam.  Larry
is talking about armies of broadband enabled zombies that send direct SMTP
spam from their IP addresses over port 25 with its own SMTP engine (which
make up the bulk of spam right now).  The issue is if and when the malware
(worm/virus/Trojan) harvests the cached SMTP password and uses the
legitimate SMTP account to send SPAM from the SenderID approved SMTP server,
what will stop that.  I think we're beating a dead horse on this issue and
Larry has even gone as far as writing an article about rate limiting normal
SMTP accounts to something like 100 an hour or no more than 200 a day
(whatever the numbers are).  Then if that is still being abused, it will be
easier to ask the ISP to block that account than to track down its DHCP IP
address.  Not to mention that the account can be externally blacklisted.

It's obvious that in a post SenderID world, this will be one of the main
issues along with the cheap $8 a year domain names that spammers will buy
1000 at a time.  But let's get to that world first and deal with the
remaining issues, rather than beating a dead horse and making zero progress.
The question is not whether SenderID is the ultimate cure-all, but is it a
huge step forward.  Although the size of the step forward is debatable, I
think most of us agree that it is an important step forward worth taking.


George Ou
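
The per-account rate limiting mentioned in the message above, sketched as an added example (not code from the original post or from any MTA). It uses the 100-an-hour and 200-a-day figures from the message as defaults; the class name, the three-strike flagging threshold and the sample traffic are assumptions.

```python
from collections import defaultdict, deque

HOUR, DAY = 3600, 86400


class AccountRateLimiter:
    """Sliding-window send limits keyed by authenticated SMTP account."""

    def __init__(self, per_hour=100, per_day=200, strikes_to_flag=3):
        self.per_hour = per_hour
        self.per_day = per_day
        self.strikes_to_flag = strikes_to_flag   # hypothetical threshold
        self.sent = defaultdict(deque)    # account -> timestamps of accepted mail
        self.strikes = defaultdict(int)   # account -> rejected attempts
        self.flagged = set()              # accounts to block or report to the ISP

    def allow(self, account, now):
        """Return True if `account` may send one message at time `now` (seconds)."""
        if account in self.flagged:
            return False
        q = self.sent[account]
        while q and now - q[0] >= DAY:    # drop entries outside the day window
            q.popleft()
        in_last_hour = sum(1 for t in q if now - t < HOUR)
        if len(q) >= self.per_day or in_last_hour >= self.per_hour:
            # Over a limit: reject, and flag the account after repeated attempts,
            # since an account is easier to block than a changing DHCP address.
            self.strikes[account] += 1
            if self.strikes[account] >= self.strikes_to_flag:
                self.flagged.add(account)
            return False
        q.append(now)
        return True


def simulate(limiter, account, start, count, interval):
    """Constructed traffic: `count` attempts spaced `interval` seconds apart.
    Returns how many were accepted."""
    return sum(limiter.allow(account, start + i * interval) for i in range(count))
```
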

