This is the Inventory of Problems document that was originally started by
Liudvikas Bukys. I've made some changes based on feedback from others and
myself. I thought that I sent this to the list after I sent the list of work
items, but I could not find it to refer to it. Liudvikas will resume
ownership of this document.

Evading accountability
- forging envelope sender
- forging From header

Exploitation of weak systems
- exploit open SMTP relay
- exploit insecure web services (CGI formmail)
- exploit open proxies (HTTP CONNECT, HTTP)

Aggressive database generation
- directory harvesting (web, LDAP)
- name guessing & probing
- name guessing without probing [selling bogus data to others]
- inappropriate database sharing/selling

Inadequate opt-in
- no actual opt-in
- deceptive opt-in
- single opt-in without confirmation

Inadequate opt-out
- opt-out not implemented
- opt-out ineffective (pro forma removal from one list not all)
- opt-out untimely
- opt-out difficult to execute
- opt-out hostile (used only for address verification & enrollment
  in even more databases)

Evasion of automated filters
- content randomization
- eyespace transformation
  - misspelling
  - punctuation and spacing
  - substitution of visually similar characters
- HTML coding tricks
  - slice&dice tables
  - JavaScript-generated content
  - font size/color/background
- MIME multipart encoding
- inclusion of non-spam chaff (visible or invisible)
- content in images, not text
- content in other external links

Evasion of human caution
- fake DSN
- fake content resembling common CGI-to-mail
- "returned your call", "your account has a credit", etc.

Not a real business
- spam as chain letter/pyramid, selling software and bogus data to
  the naive
- spam as DoS attack, no real solicitation in content

False claims
- false claims regarding opt-in

Fraud & Crime
- Nigerian 419
- eBay password/credit card theft
- PayPal password/credit card theft

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg