ietf-asrg

Re: [Asrg] Spam detection system proposal

2003-03-05 08:42:36
On Wed, 5 Mar 2003, Vernon Schryver wrote:

What are the *detectable* differences between a spammer and a legitimate
mass mailer, assuming we can't read the minds of the recipients?

There are no such differences, detectable or not.

Then this ASRG is a waste of time.

] > This means that purely from
] > message contents and headers it is difficult to tell the difference.

] Exactly.

"Exactly"?  Who blocks messages simply because they have List-Unsubscribe
and similar headers such as those listed in RFC 2369?

You misunderstood.  I meant "Exactly -- it's hard to tell the difference
purely from message contents and headers."

I disagree, because many spammers work hard to remove bad addresses
from their target lists.

Really?  Don't you think it's worth a shot to try to gather hard data?
If you're right, then my idea is no good.  If you're wrong, then it is.
Unfortunately, without setting up a system to gather this data, we'll
never know.

Generalizations such as
"all spammers have lots of bad addresses in their lists" are as wrong
as "all spammers use open relays" or "spam involves forged headers."

I never said that.  I said I believe that many spammers have lots of bad
addresses, simply based on how they obtain addresses in the first place.
Maybe you're right; I don't know.  But we should at least try to find out.

I think the only way to detect spam runs is to examine passing mail bodies
and look for those that are substantially identical and therefore bulk.

Bulk != Spam.  Any system to detect "similar but not identical"
messages can be thwarted if it uses a checksum scheme, and is too slow
to be practical if it uses more sophisticated message-closeness
measures.

--
David.
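
The trade-off raised in the last paragraph of this message, as an added example that is not part of the original post: an exact digest (the simplest kind of checksum scheme) fails to match two copies of a mailing that differ in one token, while a word-shingle Jaccard measure matches them at the cost of one comparison per pair of messages. The sample messages, the 3-word shingle size and the 0.8 threshold are assumptions chosen for illustration.

```python
import hashlib
import re
from itertools import combinations

# Constructed sample messages: two copies of one bulk mailing that differ only
# in a per-recipient token, plus one unrelated message.
MESSAGES = {
    "bulk-1": "Dear friend, our newsletter for March is out. Read it at the usual place. ref 48213",
    "bulk-2": "Dear friend, our newsletter for March is out. Read it at the usual place. ref 90577",
    "other": "Hi team, the draft minutes from Tuesday are attached. Comments by Friday please.",
}

def checksum(body):
    """Exact-match fingerprint: SHA-256 of the case- and whitespace-normalised body."""
    normalised = " ".join(body.lower().split())
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()

def shingles(body, k=3):
    """Set of overlapping k-word shingles used as the closeness feature."""
    words = re.findall(r"[a-z0-9']+", body.lower())
    return {tuple(words[i:i + k]) for i in range(max(len(words) - k + 1, 1))}

def jaccard(a, b):
    """Jaccard similarity of two shingle sets, in [0, 1]."""
    return len(a & b) / len(a | b) if a | b else 1.0

def compare_all(messages, threshold=0.8):
    """Return (checksum_matches, closeness_matches, pairs_compared)."""
    sums = {name: checksum(body) for name, body in messages.items()}
    sets = {name: shingles(body) for name, body in messages.items()}
    exact, close, pairs = [], [], 0
    for x, y in combinations(sorted(messages), 2):
        pairs += 1  # naive closeness needs one comparison per pair: n*(n-1)/2
        if sums[x] == sums[y]:
            exact.append((x, y))
        if jaccard(sets[x], sets[y]) >= threshold:
            close.append((x, y))
    return exact, close, pairs

if __name__ == "__main__":
    exact, close, pairs = compare_all(MESSAGES)
    print("checksum matches: ", exact)
    print("closeness matches:", close, "after", pairs, "pairwise comparisons")
```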