ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Re: Asrg digest, Vol 1 #133 - 14 msgs

2003-03-28 10:32:27
from [Kee Hinckley] [Permanent Link] 
At 3:42 PM +0100 3/28/03, Markus Stumpf wrote:

On Fri, Mar 28, 2003 at 05:36:34AM -0800, James Lick wrote:

 The problem such a facility solves is to make spam forgery more difficult,


No, not really.
What is the probability to fake <name>@hotmail.com or 
<name(_at_)yahoo(_dot_)com>
and get a hit? I'd say if you do it halfway intelligent it's about 98%.
So you get mail from
    susan23(_at_)hotmail(_dot_)com
it gets verified by hotmail.com as existant.
What exactly help in this situation to eliminate spam?
1. It makes it more obvious to the clueless that spam is not legitimate. Sending email with a fake address is very different from sending email using someone's real address. 2. It gives us a better legal hammer with which to hit spammers. Damages are more clear (some of the early spam suits were of this type), and a number of existing laws come into play as soon as you send something while pretending to be someone else.
Nobody is claiming this will stop spam. However it will limit a certain type of abuse which is now extremely common.
In addition, such a mechanism has the potential to be used to verify that addresses entered on a web form are valid *before* they are sent email. I'm sure I'm not the only one running a domain that would greatly benefit from that check. 


 > This system is akin to rejecting non-existant domains from sending mail.
 > Easily circumvented.  Standard practice for years.  Idiot spammers still
 > using fake domains like crazy.  Not nearly as much as before, but it still

 blocks an awful lot of spam.


Yes. And now they fake existing domains.
Right. We've limited their return address options. Add the ability to check addresses and we limit them more. This seems like a move in the correct direction. 


We already have many of these techniques and they are used. A lot of
them can easily be circumvented. What do they help? Does the spam volume
decline?
Having thousands of sysadmins plugin nitty gritty tools will not solve
the problem.
Agreed. But the alternative is replacing them all with a new system. And that's not going to happen. So we work with what we have. 
--
Kee Hinckley
http://www.puremessaging.com/        Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Asrg] Opt-Out Notes: too complicated, ignoring history, John R Levine
Next by Date:  Re: [Asrg] 7.c Mass Mailers, reliability, and lack thereof, pattib
Previous by Thread:  Re: [Asrg] Multiple overlapping solutions, Tim Kehres
Next by Thread:  Re: [Asrg] Re: Asrg digest, Vol 1 #133 - 14 msgs, Kee Hinckley
Indexes:  [Date] [Thread] [Top] [All Lists]