
Re: [Asrg] Re: SPF abused by spammers



On Tue, 14 Sep 2004, Barry Shein wrote:
> On September 15, 2004 at 00:20 hjp-asrg at hjp.at (Peter J. Holzer) wrote:
>  > Why should they? No legitimate user would want to send mail as
>  > johndoe at ABordeaux-251-2-10-162.w82-125.abo.wanadoo.fr, because he will
>  > never be able to receive an answer (assuming that this is an address in a
>  > dynamic address pool). The legitimate user will want to send mail
>  > as johndoe at wanadoo.fr, or maybe johndoe at bordeaux.wanadoo.fr.
> 
> Well, of course that's sensible, but the point really is that there is
> little difference between hijacking your PC and just breaking into
> your house and sitting down at your PC, as far as detectability of
> intent goes.
> 
> So, if the ISP allows your PC to do direct delivery and will ACK your
> SPF (however one might say that) then a zombie program on that PC will
> be ACKed also.
[...]
> The point is, if wanadoo.fr's servers will ACK for that PC when the PC
> tries to send from johndoe at wanadoo.fr then it'll ACK for a zombie
> program running on that PC also.
> 
> AND, I contend, there'll be millions of such PCs (infected or not.)

If the ISP requires all mail to go through their servers, it's trivial
to detect an upsurge in number of emails from a particular sender. This
change (in concert with SPF, or other RMX method) would limit the number
of spam messages sent to the number of legitimate emails sent. I know
many users who receive a 20:1 or higher spam ratio, so this would be a
significant reduction.

If the ISP doesn't require all mail to go through their servers, the
same limiting could be accomplished by having routers count outgoing
SMTP SYNs.

Current routers aren't optimized to do that, so requiring use of the ISP
mail servers is easier - but either way is possible.

-- 
David Maxwell, david at vex.net|david at maxwell.net
If you don't spend energy getting what you want,
	You'll have to spend it dealing with what you get.
					      - Unknown


_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
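
The per-sender upsurge check described in the message above, as an added example that is not part of the original post: a sliding-window counter over outbound submission records, as an ISP mail server could keep. The log format, the addresses under isp.example, and the window, floor and factor values are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption): "<ISO timestamp> sender=<address>"
LINE_RE = re.compile(r"^(\S+) sender=(\S+)$")

def sample_log():
    """Constructed data: one steady user, one account that bursts at 12:00."""
    t0 = datetime(2004, 9, 14, 8, 0, 0)
    rows = [(t0 + timedelta(hours=h), "alice@isp.example") for h in range(8)]
    rows += [(t0 + timedelta(hours=h, minutes=5), "johndoe@isp.example") for h in range(3)]
    rows += [(t0 + timedelta(hours=4, seconds=5 * i), "johndoe@isp.example") for i in range(40)]
    return [f"{ts.isoformat()} sender={who}" for ts, who in sorted(rows)]

def detect_upsurges(lines, window=timedelta(minutes=10), floor=20, factor=5.0):
    """Map sender -> (time, count in window, baseline) at the first surge."""
    recent = defaultdict(deque)  # sender -> timestamps inside the sliding window
    total = defaultdict(int)     # sender -> messages seen before the current one
    first_seen, flagged = {}, {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not submission records
        ts, sender = datetime.fromisoformat(m.group(1)), m.group(2).lower()
        first_seen.setdefault(sender, ts)
        q = recent[sender]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        # Baseline: average messages per window before the current window began.
        history = total[sender] - (len(q) - 1)
        windows_elapsed = max((ts - window - first_seen[sender]) / window, 1.0)
        baseline = history / windows_elapsed
        total[sender] += 1
        # Flag when the window count exceeds both a fixed floor and a multiple
        # of the sender's own history, so an established sender is judged
        # against its own rate rather than a single global limit.
        if sender not in flagged and len(q) > max(floor, factor * baseline):
            flagged[sender] = (ts, len(q), round(baseline, 2))
    return flagged

if __name__ == "__main__":
    for sender, (ts, count, baseline) in detect_upsurges(sample_log()).items():
        print(f"{ts} {sender}: {count} msgs in window, baseline {baseline}/window")
```

A sender with no history is held to the fixed floor alone, so the floor has to sit above what a new legitimate account sends in one window.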