Re: [Asrg] "worm spam" and SPF

[Seth Breidbart <sethb at panix.com>]

Fridrik Skulason <frisk at f-prot.com> wrote:

> My own definition of "spam"

is a concept that makes spam-fighting worthless and undefinable.
Consider that spammers all define spam as what they don't do.  There
is one agreed definition (in the email area): Unsolicited Bulk Email.

> is pretty broad, not just UCE, but pretty much
> any unwanted crap in my mailbox.

If the bully who picked on you in fifth grade found your email address
and started picking on you in email, that would be unwanted crap, but
it wouldn't be spam.  On the other hand, "Jesus Is Coming Soon (Look
Busy!)" sent to 50 million email addresses isn't commercial, but is
spam.

>  In particular that includes worms as well as worm-generated bounces
> and other mail directly or indirectly created as a result of
> computer worm activity.

Unsolicited, surely.  Bulk, unless it's an individual worm (in which
case it isn't a worm), yes.  Email, yes.  Hence spam; no need for a
private definition.

> I have said before that universal adoption of SPF would kill off the
> current generation of worms (and that includes Sober.J)

1. "universal adoption" is part of being a FUSSP.

2. The next generation would just be more careful about who they
   claimed to be.

> * Some of the domains that send us those bounces have published SPF
>  records, which indicates they are aware of SPF, but for one reason
>  or another they have decided not to implement SPF checking, so
>  they continue to cause problems for everyone else with those
>  bounces.

At this point, strong SPF checking breaks too much stuff (especially
forwarding).

Seth

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg