At 05:46 PM 4/16/2003 -0400, Kee Hinckley wrote:
At 12:27 PM -0500 4/16/03, Brad Spencer wrote:
At 06:08 PM 4/16/2003 +0100, Jon Kyme wrote:
I don't see that there's what the charter calls "a realistic chance of
wide-scale deployment" for what you propose.
What evaluation of the chances have you done?
The simple fact that twenty million people are not going to set up a
system which can be easily defeated by a mediocre programmer in an afternoon.
Who said an afternoon?
Your entire concept depends on the assumption that the spammer won't be
able to tell that their email isn't being delivered.
The concept is to fight all aspects of the abuse spammers commit to send
spam using open proxies and open relays.
Yet detecting deliverability is trivial. You can do it with dummy addresses.
That requires that the dummy addresses be reliable and at the same time so
unremarkable that no honeypot operator will tumble to it. It is not as
simple as you say. In addition the concept is greater than that of simple
relay spam honeypots. I have been this year, mostly just trapping relay
tests. The spammers can easily detect that but their protection is to stop
testing. That makes that IP safe form the spammer no matter how it might
change. Do enough IP's in an entire range or protect the entire range at
the ISP level and the spammer can no longer abuse any of that range.
You can do it with test addresses that get the bounce-back. The fact
spammers don't do it now means only that you haven't done anything worth
their notice.
Yes, and a 3rd way you haven't mentioned (which would be wickedly clever
but I've already anticipated it.) So far many spammers do none of these
things, are not prepared to do any of these things.
We haven't talked about open proxy honeypots: those also combat spammer
abuse.
Please. You've made your case. Nobody buys it. When you have something
new to present, we'll be happy to listen.
Hell - let me know when ASRG accomplishes anything at all.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg