Just for the record, there are a some other observations bearing on
how many free provider sender addresses in spam are really forged and
that I've repeatedly failed to mention.
- in at least some samples, most spam uses free provider drop-boxes
as sender addresses, despite the fact that addresses at free
providers are more likely to cause mail to be filtered than other,
non-spammer domain names. (as I wrote recently)
- few if any free providers have terms of service that require mail
using their domain names be sent from their systems. Most free
providers intentionally or otherwise make it impractical to send
spam from their systems, but very few if any prohibit or even
discourage what some people mislabel "forgery" or using a free
provider sender address in mail sent from another domain. If
nothing else, this fact implies that many free providers would
oppose technical mechanisms to compare the identity of the SMTP
client with the SMTP envelope sender domain.
- many free providers have deployed mechanisms to inhibit the use
of computers to create accounts. That these mechanisms have been
needed proves that some users have been creating large numbers of
accounts. Who else but spammers, and why else except for drop-boxes?
- I've not counted, but I have noticed variations in the popularity
of various free providers in spam envelope sender domains. I've also
noticed that some free providers (e.g. Outblaze) are very much less
popular than other free providers (e.g. Yahoo and Hotmail).
Of course, incomparably better and more direct data for the question
would come from people with access to the account records of free
providers.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg