To those of you who gave me so much grief about how the "bounce-mail"
exploit isn't a problem... there is another facet to it, that a spam
solution still must address.
This morning my inbox contains dozens of 100Kbyte
returned-as-undeliverable messages sent "from" an valid address that
nobody knows connects to me directly, but that's visible on one web
page... so it's not a directed attack but the random selection of an
address to use in a from: field. So yes, I have megabytes in my
inbox this morning.
In this case, it looks more like one of those Microsoft-favoring
email worms that's just gone active on lots of computers, not a spam,
today anyway.
The point was and is this, and i wish people would support the position:
- reverse attacks have many of the same characteristics as spam
- they are a delivery vector and an attack vector
- changes under discussion to deal with spam should consider this issue as well
- if all spam solutions work perfectly and this loophole were the
only remaining delivery method, then spammers would begin to use it.
You want to know how they think, read all about Alyx at
http://www.nytimes.com/2003/04/22/technology/22SPAM.html . They think
it's a game.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg