ietf-asrg
[Top] [All Lists]

RE: [Asrg] define spam

2003-04-04 12:09:26
At 1:12 AM -0900 4/3/03, Kee Hinckley wrote:
At 8:06 PM -0700 4/3/03, Vernon Schryver wrote:
The disagreement concerns the existence of bazillions of people whose
free provider addresses are being forged into most spam every day.
I claim most of those people do not exist, unless you think using your
own address in spam is forgery.

I don't think anyone has claimed that spammers are forging the 
addresses of real hotmail users (at least, not intentionally).  The 
claim is that they are using *fake* hotmail addresses.  But yes--a 
few simple stats from Hotmail would resolve this argument.

I recently had my yahoo address "hijacked" by a spammer.  This proved to me
several things:  1)spam is getting more sophisticated, 2)spammers are
forging legitimate addresses (albeit unknowingly) 3) Yahoo's signup
mechanism is slowing signups for bogus addresses and 4)very few people reply
to spam.  I won't waste the groups time with lengthy descriptions for each
of these.  email me if you want details.

This being said, I think that the forgery problem has the potential to
become huge.  What if biffy the spam king decided to use ibm.com or doj.gov
as his source domain?  Would the repetition of such an event alter the UCE
problem?  I know that with the one(?) spammer that is using my yahoo address
as one of his/her source addresses, I've gotten ~1500 bounce messages in the
past 10 days or so.  A concentrated spam campaign using a specific source
domain could effectively cause a DoS against a small company that
administers its own mail.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>