At 3:42 PM +0100 3/28/03, Markus Stumpf wrote:
On Fri, Mar 28, 2003 at 05:36:34AM -0800, James Lick wrote:
The problem such a facility solves is to make spam forgery more difficult,
No, not really.
What is the probability to fake <name>@hotmail.com or
<name(_at_)yahoo(_dot_)com>
and get a hit? I'd say if you do it halfway intelligent it's about 98%.
So you get mail from
susan23(_at_)hotmail(_dot_)com
it gets verified by hotmail.com as existant.
What exactly help in this situation to eliminate spam?
1. It makes it more obvious to the clueless that spam is not
legitimate. Sending email with a fake address is very different from
sending email using someone's real address.
2. It gives us a better legal hammer with which to hit spammers.
Damages are more clear (some of the early spam suits were of this
type), and a number of existing laws come into play as soon as you
send something while pretending to be someone else.
Nobody is claiming this will stop spam. However it will limit a
certain type of abuse which is now extremely common.
In addition, such a mechanism has the potential to be used to verify
that addresses entered on a web form are valid *before* they are sent
email. I'm sure I'm not the only one running a domain that would
greatly benefit from that check.
> This system is akin to rejecting non-existant domains from sending mail.
> Easily circumvented. Standard practice for years. Idiot spammers still
> using fake domains like crazy. Not nearly as much as before, but it still
blocks an awful lot of spam.
Yes. And now they fake existing domains.
Right. We've limited their return address options. Add the ability
to check addresses and we limit them more. This seems like a move in
the correct direction.
We already have many of these techniques and they are used. A lot of
them can easily be circumvented. What do they help? Does the spam volume
decline?
Having thousands of sysadmins plugin nitty gritty tools will not solve
the problem.
Agreed. But the alternative is replacing them all with a new system.
And that's not going to happen. So we work with what we have.
--
Kee Hinckley
http://www.puremessaging.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg