ietf-asrg

RE: [Asrg] Is there anything good enough?

2003-05-06 18:37:28

On May 6, 2003 at 20:18 eric(_at_)infobro(_dot_)com (Eric D. Williams) wrote:
>> No, the problem is that this spoofing is a minor problem and any
>> solution is easily evaded by spammers.
>
> Please explain how.

Ok, first off by just not using an RMX-enabled host. Using zombie
hosts or open relays or mail proxies, spam-friendly ISPs, etc, that's
what I was thinking of when I said "evaded".

I just meant, as I said previously, sticking (e.g.) @aol.com may be
attractive to spammers but it's not important, they won't miss a beat.

No more than blocking open relays ever slowed them down. They
(apparently) have lists of hundreds of thousands if not millions of
useful hosts and can switch between them rapid-fire.

See, if one doesn't understand their MO's one tends to imagine them
only doing stuff that's easy and comfortable to think about.

Further, if the spammers want to have that cake and eat it too they'll
do what they're doing now and use lookalike domains like @yahooo.com
(three 'o's) or A0L.COM (zero), ok that one's owned by AOL but you get
my drift. Or aol-mail.com or @eartlink.com or @earhtlink.com, whatever
153,276 other combinations the public is likely to fall for with just
about the same exact frequency as they would fall for phony@aol.com.

We're not going into a good space here with this RMX stuff.

As I said, RMX may solve some other problems, but it won't slow down
spammers, not more than a few microseconds anyhow.


> Also, please address (if you are interested) the issue of framework and
> architecture in proving a solution set.  My thinking is Dave's paper on
> control points is a start.

I don't think we're ready to go there yet although I think Dave has a
good idea trying to lay out the terrain.

My message, as someone who has sat on the front-lines of all this for
many years, is:

a) Spam is more subtle than most people, even those who think they
understand it, think.

b) It's unlikely a technical solution will ever work.

What might be more productive, for example, might be working along
with legal experts on technical changes which might help provide
evidence in court cases against spammers and similar miscreants.

I think sending a "chilling effect" as they call it in law would help
a lot with this problem. These are cowards, not heroes, we're dealing
with.

But I dunno, I'm not even ready to commit to that. But it's going to
be some sort of interplay between technical/social/legal/legislative.

Unfortunately, each group tends to sit down only with their own
because that's the most comfortable environment (they understand each
others' language and mores) and proceed to bang out a solution mostly
centered on the sphere they are comfortable with (lawyers suggest
court action, techies suggest algorithms, legislators suggest new
laws, etc.)


-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


