ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] 5b. Opt-Out, 2nd version

2003-03-27 04:08:47
from [Markus Stumpf] [Permanent Link] 
On Wed, Mar 26, 2003 at 10:37:20PM -0700, Vernon Schryver wrote:

Why do some spammers curently test 10,000 arbitrary user names at many
domain names to see if they are valid with either Rcpt_To "vrfy" or
trial spam?


What evidence do you have they do?
I can't see this happen. We host about 10000 domains and we do log VRFY
commands. I see about one VRFY a day and and checking the session it's not
from spammers but someone using a telnet connection to speak SMTP and
playing around.

If you mean by verify that they use
  mail1.asp-platform.com:216.109.92.216 rejected:
    
<NOLIST-v1-2667199534-7346-78-ROBHERBER**BAYERN*NET(_at_)MAIL2(_dot_)ASP-PLATFORM(_dot_)COM>
    to <ROBHERBER(_at_)BAYERN(_dot_)NET>
this would mean that they care for the results. They don't. Although the
above inject results in a permanent error every time, they did exactly
the same sender/recipient pair about 70 times within the last 12 hours.
Probing would mean doing it once, ok maybe 2-3 times to be sure, but not
70 times within 12 hours or 208 times within the last 36 hours or 368
times within the last 60 hours

The last "massive spam attack" were about 5 million bounces where the
spammers used the same username as sender name they used for the recipient,
i.e.
    from        user(_at_)bouncevictim(_dot_)domain
    to          user(_at_)target(_dot_)domain
they didn't get the bounces back. We got them.
They simply don't care and why should they?

I have yet to see a reason why spammers should honor an opt-out list at all.
With snail mail it a massive cost factor, so "robinson lists" save a lot
of money for the sender.
With email nobody cares. And you will never get a law to enforce this
policy. And if you get it in country one they abuse it in country two.
And what worldwide resolutions/agreements mean this days can be seen in
tv and every newspapers for the last few days.

Discussing opt-out list strategies is IMHO a waste of time.

        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Asrg] 5b. Opt-Out, 3rd version, william
Next by Date:  Re: [Asrg] 4b Survey of solutions and place in taxonomy of solutions, Teo
Previous by Thread:  Re: [Asrg] 5b. Opt-Out, 2nd version, Vernon Schryver
Next by Thread:  Re: [Asrg] 5b. Opt-Out, 2nd version, Chuq Von Rospach
Indexes:  [Date] [Thread] [Top] [All Lists]