
[Asrg] Re: Asrg Digest, Vol 5, Issue 1 valid address lists revisited



asrg-request at ietf.org wrote:

From: Markus Stumpf <maex-lists-spam-ietf-asrg at Space.Net>
Subject: [Asrg] valid address lists revisited
To: asrg at ietf.org

I have stumbled over the idea of address verifiers this morning.
The arguments against them so far have always been that spammers
could use those services to clean their lists or retrieve lists of
valid recipients.
Now, with the current situation wouldn't it be a benefit to have
a query service like

  Q:joe at example.com
  A:OK

  Q:joe at example.com
  A:F:jane at example.net

(The F: could mean "forward to jane at example.net aka send it there
instead of joe at example.com").

Currently, with all the spam networks of thousands of hosts, spammers
really don't care about hammering dictionary attacks against SMTP
servers (maybe it's just me, but I "feel" like they are increasing
recently). Giving them a chance to find out which addresses exist
would not really change much for the existing recipients or the targets
of dictionary spams but it would save all of us a big portion of
mail to non-existent users and a lot of bounces stuck in the queue
and also a lot of bounces to faked sender addresses.

Is "don't tell the spammers whether an address exists" still true
for today's situation?

	\Maex



Maex,

I think that the address verifiers should be transparent to the sender. So the question should be asked not by the sender, but by the receiver. So, if I send you a mail, your mail client should query the address verifier to see if jeffs at commercialventvac.com is a valid address. If so, then deliver it to you, otherwise drop it silently. The sender doesn't know if the message was delivered or not.
True, the spammer could fake a valid address, but that's hard to do because he or she doesn't know what the valid addresses are.
If the address verifier doesn't know about an address, then it can ask you. The address verifier can also do some additional checking, such as sending a message to the from address and seeing if it is valid, or use a Turing-difficult challenge/response system.


Also, I agree with you that the spammers seem to be increasing. One consequence of this is that my maillog file has increased in size from about 1.0 to 1.5 MBytes/week. This morning, I had 50 E-mails to wade through, of which only 3 were legitimate. I realize that this is an academic mailing list, but I really wish to do violence upon their persons.

Jeff
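
The Q:/A: lookup sketched in the quoted message, as an added example that is not part of the original thread: a receiving system answers address queries and follows F: forwards to a final mailbox before accepting mail. The A:NO and A:ERR replies, the hop limit, the function names and the sample directory are assumptions made for illustration.

```python
# Constructed sample data: the verifier's view of which recipients exist.
# None means the mailbox exists locally; a string means "forward there".
DIRECTORY = {
    "joe@example.com": "jane@example.net",   # answered as A:F:jane@example.net
    "jane@example.net": None,                # answered as A:OK
    "a@example.org": "b@example.org",        # constructed forwarding loop
    "b@example.org": "a@example.org",
}

MAX_HOPS = 5  # assumption: cap on forward chains, not from the original post


def answer(query: str) -> str:
    """Answer one 'Q:<address>' line in the Q:/A: style from the post."""
    if not query.startswith("Q:"):
        return "A:ERR"                       # assumed reply for malformed input
    addr = query[2:].strip().lower()
    if addr not in DIRECTORY:
        return "A:NO"                        # assumed reply for unknown address
    target = DIRECTORY[addr]
    return "A:OK" if target is None else "A:F:" + target


def resolve(addr: str):
    """Follow F: answers until A:OK; return the final mailbox or None."""
    addr = addr.strip().lower()
    seen = set()
    for _ in range(MAX_HOPS + 1):
        if addr in seen:
            return None                      # forwarding loop: refuse
        seen.add(addr)
        reply = answer("Q:" + addr)
        if reply == "A:OK":
            return addr
        if not reply.startswith("A:F:"):
            return None                      # A:NO or A:ERR: no such recipient
        addr = reply[4:]                     # follow the forward
    return None                              # chain longer than MAX_HOPS


if __name__ == "__main__":
    for rcpt in ("joe@example.com", "nobody@example.com", "a@example.org"):
        print(rcpt, "->", resolve(rcpt))
```

Resolving before the message is accepted lets the receiver reject or drop mail for unknown recipients up front, which is the saving on queued bounces the thread is weighing against address disclosure.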


_______________________________________________ Asrg mailing list Asrg at ietf.org https://www1.ietf.org/mailman/listinfo/asrg