ietf-asrg
[Top] [All Lists]

Re: [Asrg] Lets Fix Mailing Lists

2003-03-08 21:14:40
At 20:58 -0700 3/8/03, Vernon Schryver wrote:
 > From: "Chris Lewis" <clewis(_at_)nortelnetworks(_dot_)com>

 > If you believe as I do that the reason genuine mail forgery (as opposed
 > to using a legitimately owned Hotmail dropbox) fell off dramatically
 > a year or three ago is related to the laws criminalizing header forger,
 > then you don't need any crypto.

 We still get a heck of a lot of spam that claims to be from our own
 servers and/or users.  Thousands of spam blowback (spam forged in our
 domains bouncing back) too.

Again, for the umpteenth time, of course there is some header forgery,
but is it as much as most people claime?  I don't think so.  My guess
is that perhaps 10% of what most people claim is "forged" spam really
is.  10% of all of the spam in the world implies a "heck of a lot of
blowback and other noise.  Do you have any evidence that your heck of
a lot of forged spam is the majority or even a large fraction of spam?

My jihad in this area is to get people to stop using "forged" to mean
"sender domain differs from SMTP client reverse DNS".  That sloppy
language thinking is like using "douple plus super duper opt-in" for
"(confirmed) opt-in."  People use both sorts of language to mislead
and to try to justify positions that have no honest justification.

10% would still be a pretty big number.

If you create a mechanism that doesn't account for forgeries, then
forgeries will increase.

I absolutely don't believe that spammers are not forging because
they have some fear of law enforcement over a small matter of
technology... considering that their "products" are often themselves
illegal scams. More likely, mailers that reject unmatched forward/reverse
DNS are responsible for any changes there.



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg