ietf-mxcomp

Don't get MARID confused with anti-spam proposals (was: The Computational Load of MARID)

2004-05-14 11:12:07


On Fri, 14 May 2004, Sauer, Damon wrote:
> SMART PEOPLE!!! Lest we forget!
> Computational load will NOT be a factor if there is less SPAM because of
> it! Please tell me what your computational factor of processing spam is...

SMART PEOPLE!
Don't get confused into thinking that MARID will result in less SPAM or at
least that ordinary users will see its effects as far as their spam level
dropping. As I've recently commented at ASRG, the proposals discussed that
use Mail-From and EHLO are designed to address the phishing and joe-job aspects
of it but will not have any significant effect on the amount of spam itself.
I'm reposting what I wrote to ASRG on this recently as it's on topic here
as well (sorry about double posting for those who have already seen it):

On Wed, 12 May 2004, der Mouse wrote:
...

> SPF won't stop spam.  CallerID won't stop spam.  All they'll do is make
> it a little more traceable, right back to the zombie which handed the
> message to its outgoing smarthost - basically what we already have now.

No, neither SPF nor CallerID will have any serious effect on traceability of
spam by IP; they are not designed to do it at all. The only value in
SPF and CallerID and similar proposals is to stop spammers from forging
your own domain (joe-jobs) and banks' and other important companies' domains
(phishing), which might cut a little into criminal spammers' revenue.

> It will put a dent in it briefly, which will be trumpeted as a great
> success,

Doubt that. The adoption cannot happen so quickly as to allow us to see
any results right away. Additionally, the results are rather small as far
as spam itself is concerned; rather, the results would be that spam filters
would have an easier time picking up phishing scam emails, but out of all
spam, such emails account for < 5% of the total, and as such, even though they
do greater damage to people who might fall for them, they will not be seen
in the whole context of the increasing amount of different sorts of spam that
people will continue to see in their mailboxes.

Additionally, given even the most optimistic adoption rate of 25% of actively
used domains within 12 months, it gives enough time for spammers to adapt,
as the number of spammers is a LOT smaller (on the scale of 1:100,000) than the
number of mail server operators, and the number of spamware programs is
smaller than the number of mail servers; but more important, spamware writers
are quicker to adapt given how much money they get paid by the largest spammers
(they only need to have a couple of large spammers pay them to have enough
monetary incentive to implement a new feature, whereas antispammer
software writers need thousands to pay).

> a dent which will last just long enough for spamware authors
> to update their products to send to smarthost instead of direct to
> target MX; new code will roll out and it will be business as usual.

They don't need to do it at all. All they need to do is to either forge
domains that do not have LMAP records (i.e. add code in their spamware
to do a quick search for domains that don't have them before forging
something) or even to enter their own LMAP records using some throw-away
domains (nothing new to spammers; they have good skills at creating
throw-away domains for spammer-advertised websites where lusers actually
place orders).

> Nothing but action by the providers hosting the zombie armies will stop
> spam, and probably even that won't truly _stop_ spam (though if the
> large providers were to somehow miraculously get a collective clue and
> take effective action, they could reduce it to tolerable levels).

Agree completely.

And as I noted, one way to work on this problem is to identify which IP
blocks are used by lusers who are very unlikely to be running a mail server,
i.e. the MTA-MARK proposal or some kind of variant of that which puts LMAP or
similar records in IN-ADDR space. Unlike every other LMAP proposal, this
really does have the potential to stop a sizable amount of spam, and it can
happen quickly enough that spammers may not be able to adapt immediately.
To have a noticeable effect of even 25%, all that would be needed is that
5 out of 10 largest DSL/cable providers enter these records, and convincing
5 providers to enter something into DNS is a lot easier and can happen
a LOT quicker than when we wait for the same to happen to millions of domains.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
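
Added example, not part of the original message: a receiving-side check for the kind of IN-ADDR marking the post describes, keyed on the connecting IP rather than on any domain in the message. The `_perm._smtp._srv.` label and the "0"/"1" TXT values are assumed here to follow the MTAMARK Internet-Draft; the zone data and client list are constructed.

```python
import ipaddress
from collections import Counter

# Assumed label convention (from the MTAMARK draft, not from the post).
PREFIX = "_perm._smtp._srv."

def mtamark_name(ip):
    """DNS name under the reverse tree where the owner of `ip` publishes its mark."""
    return PREFIX + ipaddress.ip_address(ip).reverse_pointer

def classify(ip, lookup_txt):
    """Return 'not-an-mta', 'mta' or 'unmarked' for a connecting client IP.

    lookup_txt(name) returns the TXT string or None, so any resolver can be plugged in.
    """
    value = lookup_txt(mtamark_name(ip))
    if value is None:
        return "unmarked"            # owner published nothing: no opinion
    value = value.strip()
    if value == "0":
        return "not-an-mta"          # owner says this host should not send mail
    if value == "1":
        return "mta"
    return "unmarked"                # malformed value: treat as absent, never as deny

def summarize(client_ips, lookup_txt):
    """Count verdicts over a batch of connections, e.g. one hour of SMTP logs."""
    return Counter(classify(ip, lookup_txt) for ip in client_ips)

# Constructed sample data (documentation address ranges, not real DNS content).
SAMPLE_TXT = {
    mtamark_name("192.0.2.7"): "0",       # dynamic-pool customer address
    mtamark_name("192.0.2.8"): "0",
    mtamark_name("198.51.100.10"): "1",   # provider's own outbound relay
    mtamark_name("203.0.113.5"): "yes",   # malformed record
}
SAMPLE_CLIENTS = ["192.0.2.7", "192.0.2.8", "198.51.100.10",
                  "203.0.113.5", "203.0.113.99"]

if __name__ == "__main__":
    for ip in SAMPLE_CLIENTS:
        print(f"{ip:15} {mtamark_name(ip):45} {classify(ip, SAMPLE_TXT.get)}")
    print(dict(summarize(SAMPLE_CLIENTS, SAMPLE_TXT.get)))
```

Addresses with no record stay "unmarked", so the check only takes effect for blocks whose provider has actually published marks.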

