From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
For you, but not for me or the next person. More than a few people
complain about spam from microsoft.com.
I have yet to see spam from microsoft.com that was not forged.
Search news.admin.net-abuse.{sightings,email} and you'll find reports
about mail that was not forged in any sense and by people who do not
seem to have a habit of lying.
I wrote about other people's reports instead of my own experience,
because the Microsoft spam that has hit my traps has been from
bcentral.com, bcentralhost.com, listbot.com, and listbuilder.com.
You seem to be determined to preserve the status quo here. You
don't want any mechanism to make consent an empirical fact that
can be checked independently of claims by microsoft or the
recipient.
I think you know that is false statement.
You deny that forged headers exist,
You know that is a false statement.
on what evidence I have no
idea. ALL the spam purporting to come from hotmail that I have
checked has been forged. That is 100%, not 10%. Same for yahoo.
How do you check to see that a message with Hotmail or Yahoo envelope
or header From value is forged? That the IP address of the SMTP client
sending the message is not Yahoo's or Microsoft's does no imply anything
about the question. That the IP address is that of an open relay or
proxy also does not say whether the headers are forged.
I have checked 20 odd messages already, so someone do the poisson
thing and work out the highest percentage microsoft is likely
to be sending at a 95% confidence, no 90% confidence interval.
I bet it is not very high.
Unless you have contacts inside Yahoo or Hotmail who can check
whether a given mail address was ever assigned to a given spammer,
you cannot compute honest statistics.
Bouncing a message of a Yahoo or Hotmail address found in spam only
shows that the address is now invalid but implies nothing about forgery.
When you leave a hotel, your previous use of the hotel's U.S.Postal
Service address does not retroactively become forgery. Similarly,
when Hotmail cancels a spammer, the spammers' previous use of its
Hotmail address does not retroactively become forgery. Moreover, its
continued use of a cancelled Hotmail adderss is not really forgery,
at least not for a few days, unless you can show it knows its account
has been cancelled.
What positive or constructive contributions do you intend to
make to this debate? Or do you intend to simply sit back and
snipe at any evil commercial organization that tries to do
something about the problem?
Yes, things would be more positive if you would stick to the facts
instead of claiming that
- Verisign has had anything to do with securing credit card numbers
on the Internet in "PKI has been a success in the e-commerce
space. I do not know of any case where a credit card number
was stolen from a communication over the wire."
- PKI for email clients has not done well partly "because of the
unfair advertising advantage that the FBI gave to PGP."
- C|NET is an ISP that wants its mail to get delivered.
- advertisers such as C|NET have standing to demand that their
advertising be delivered.
- "SPEWS recently listed the whole of UUNET."
- "You can't whitelist on the sender address domain unless you have
authentication."
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg