ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] seeking comments on new RMX article

2003-05-06 17:06:03
from [Vernon Schryver] [Permanent Link] 
From: Barry Shein <bzs(_at_)world(_dot_)std(_dot_)com>



...
Header forging is one method spammers use to hide their identity, but
they don't care a lot whose header they use. Sure, to some extent
these psychopaths tend to be drawn towards sticking xyz(_at_)bighost(_dot_)com
because why not?

But if that were made even slightly difficult they'd just use
xyz(_at_)anyhost(_dot_)com(_dot_)

They don't care, or not a lot. Sticking bighost.com in their header is
not very important to what they're trying to do, it's just another
annoying way they try to get you to look at their email.


That assumes a fact not in evidence, that spammers are attracted to
towards sticking xyz(_at_)bighost(_dot_)com in their headers.  From the headers
and envelopes I see, which are only few amounting to several 100/day,
spammers are drawn first to using free provider domain names including
small outfits.  Then they like AOL, and sometimes IBM.  They don't
use the domains of the rest of the Fortune 5000 more often than
anyhost.com.  (Yes, every day there are 10's and perhaps 100's of
1,000,000s of spam that violate this observation.)

I think they do this because using free provider drop-boxes is easy
and avoids breaking laws against fraud and some spam as well as civil
liabilities as in the Flowers.com case.

It's unwise to speculate on what they might do if it were not safe
and easy to use free provider dropboxes.  They never seem to do the
obvious, or at least not only what was obvious before they did it.
Besides, they all have distinctive styles and make unique choices.



I'm also wondering why this is better than signing envelope info with
something like PGP? Wouldn't the latter remove the need for the
real-time backtalk?


Have you looked at TEOS?  I'm told by reliable informants that the
real idea is quite different from the not even slightly interesting
or plausible stuff in http://eprivacygroup.net/teos/TEOSwhitepaper1.pdf


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Asrg] seeking comments on new RMX article, Bob Atkinson
Next by Date:  RE: [Asrg] seeking comments on new RMX article, Bob Atkinson
Previous by Thread:  Re: [Asrg] seeking comments on new RMX article, Michael Rubel
Next by Thread:  RE: [Asrg] seeking comments on new RMX article, Tom Thomson
Indexes:  [Date] [Thread] [Top] [All Lists]