
RE: [Asrg] Re: Anti-spam laws do work, FYI. There's proof.



On July 28, 2004 at 22:44 larry at larryseltzer.com (Larry Seltzer) wrote:
 > I know this is a waste of time because you're right and everyone else is
 > wrong, but:

I don't see where a remark like this adds anything.

I have typed in a great deal of detailed, technical reasoning as to
why I have little faith in the value of SPF et al.

I find it a little offensive to be brushed off with that kind of
bar-room remark, but perhaps it was the best you could muster.

One thing I'm certain about is that I know a helluva lot more about
the technical and practical aspects of this problem than you ever
will. Probably more than the sum total of any room you've ever been
in.

 > >>SPF et al will limit [worms] to the verifiable sender domain of the
 > >>machine's owner (or, put more rigorously, owner's ISP.)
 > >>But they'll still be able to send to the whole address book, claiming
 > >>to be from the address book's owner.
 > 
 > Only if the worm can crack the user's SMTP AUTH credentials. And if the
 > ISP uses SMTP AUTH (no ISP who bothers to support Sender ID will not
 > support SMTP AUTH) then the worm is limited to spoofing the user whose
 > credentials it has cracked, not just any address in the domain. This
 > makes the infected system very easy to find. I think most people would
 > call this an improvement over the current situation.

That system is pretty damned easy to find right now.

Every mail message, right now, has a received header, it looks like
this (this is from a piece of spam hitting our systems right this
moment):

  Received: from 80-218-4-42.dclient.hispeed.ch (80-218-4-42.dclient.hispeed.ch
       [80.218.4.42])
      by world.std.com (8.12.8p1/8.12.8) with SMTP id i6T33Q7F016409
      for <REMOVED at world.std.com>; Wed, 28 Jul 2004 23:03:32 -0400 (EDT)

this means that this spam (Subject: you can get prescri ption meds
online, legally) was delivered to this machine from that specific host
at the time recorded.

What more identification do you need? I'm sure these hispeed.ch ISP
folks can, with a few seconds' effort, come up with the entire account
record for this customer. Most likely his/her/its PC is infected.

But do you get my point?

NO ONE IS DOING ANYTHING ABOUT IT NOW.

So maybe the problem isn't IMPROVING IDENTIFICATION.

But maybe I'm wasting my time...etc.

-- 
        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
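
The Received header quoted in the message above already carries what an abuse desk needs: the connecting IP and the time of delivery. The following is an added example, not part of the original post, that pulls those fields from the header written by the receiving MTA and ignores lower headers, which the sender controls; the function name, the `trusted_by` parameter and the second header are assumptions made for illustration.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the Received header quoted in the message, followed by
# a made-up lower header of the kind the sending side can write itself.
RAW = """\
Received: from 80-218-4-42.dclient.hispeed.ch (80-218-4-42.dclient.hispeed.ch
       [80.218.4.42])
      by world.std.com (8.12.8p1/8.12.8) with SMTP id i6T33Q7F016409
      for <REMOVED at world.std.com>; Wed, 28 Jul 2004 23:03:32 -0400 (EDT)
Received: from mail.example.net ([192.0.2.7]) by relay.example.net;
      Wed, 28 Jul 2004 20:00:00 -0700
Subject: constructed sample

body
"""

# sendmail-style layout: from HELO (rDNS [IP]) by HOST ...; date
RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*"
    r"\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>[^\s;]+)")

def delivering_host(raw, trusted_by):
    """Connection facts from the first Received header stamped by our own MTA."""
    msg = message_from_string(raw)
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())      # undo header folding
        m = RECEIVED.search(unfolded)
        # Only a header written by a host we run is evidence; skip the rest.
        if not m or m.group("by").lower() not in trusted_by:
            continue
        stamp = parsedate_to_datetime(unfolded.rsplit(";", 1)[1].strip())
        return {
            "helo": m.group("helo"),
            "rdns": m.group("rdns"),
            "ip": m.group("ip"),
            "by": m.group("by"),
            # ISPs key address assignments on time, so report it in UTC.
            "utc": stamp.astimezone(timezone.utc).isoformat(),
        }
    return None

if __name__ == "__main__":
    print(delivering_host(RAW, {"world.std.com"}))
```
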