ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Re: Asrg digest, Vol 1 #133 - 14 msgs

2003-03-28 06:43:04
from [James Lick] [Permanent Link] 
On Fri, 28 Mar 2003, Markus Stumpf wrote:

Where is the problem for the spammer to set up an identification/validation
service for  hotjuicyspam.com  and answer all questions with "yes".


On the other hand, I could use such a facility to automatically say "no"
to any address verification for pleasure.com, a domain of mine which is
frequently forged and which I never use on outgoing email.  Bingo, no more
spam forged from that domain name.  If yahoo, hotmail and AOL deploy it,
you can no longer just randomly generate forged mail from that.

The problem such a facility solves is to make spam forgery more difficult,
and to force spammers into sending mail in a way that it can be tracked
back.  So my response to you is that your problem is actually a feature.
Whoever is running hotjuicyspam.com and merrily saying all addresses are
valid has just painted a huge bullseye target on himself making it easier
for me to reject his mail or take more extreme steps like suing him or
getting his connection yanked.

This system is akin to rejecting non-existant domains from sending mail.
Easily circumvented.  Standard practice for years.  Idiot spammers still
using fake domains like crazy.  Not nearly as much as before, but it still
blocks an awful lot of spam.

More serious aspects of such a system are that it may drive spammers to
forge spam from real addresses instead of fake, and that they may use such
facilities to do address verification or dictionary attack harvesting.

I would also like to say that I am disappointed in a lot of the criticisms
of spam blocking/prevention techniques.  A lot of people are rejecting
systems outright for having one or more flaws, when the system can still
be effective despite those flaws.  Rather, one should evaluate a system
not on whether it can be circumvented, but instead focus on the benefits
of making things more difficult for the spammers.  Even if it is just a
minor hassle to get around, it is still causing pain for the spammers.
Deploying many of these techniques in total means that eventually the
spammers are painted into a corner.

--- James Lick --- 黎建溥 --- jlick(_at_)drivel(_dot_)com --- 
http://drivel.com.tw/ ---
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Asrg] Notes on Callback SMTP Transmission, william
Next by Date:  RE: [Asrg] Blacklist blackmail, Hallam-Baker, Phillip
Previous by Thread:  Re: [Asrg] Re: Asrg digest, Vol 1 #133 - 14 msgs, Markus Stumpf
Next by Thread:  Re: [Asrg] Re: Asrg digest, Vol 1 #133 - 14 msgs, Markus Stumpf
Indexes:  [Date] [Thread] [Top] [All Lists]