ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Asrg] Let's start again at the beginning...

2003-05-07 10:32:21
from [Barry Shein] [Permanent Link] 

I realize it's very exciting to think you're each going to be the one
who is going to gain fame and glory by solving the spam problem.

But it's not going to happen unless one understands the problem, the
actual mechanics of spam. Just knowing some SMTP and DNS etc and
having gotten some spam isn't enough.

More importantly, for a group to make progress there has to be some
common vision of what problem they're trying to solve. This group
isn't there yet.

Towards that end I think we need to first stop with the instant eureka
aren't I a genius solutions and spend some time on a taxonomy of spam
and what a solution might look like, glib responses such as "spam is
email I don't want" and "a solution is getting less email I don't
want" aside.

For example, we keep making references to header forgery, envelope
forgery, etc, they're certainly aspects.

What about abuse of BCC, abuse of RCPT TO (sticking dozens of
recipients in the envelope not in the header), dictionary attacks,
spam zombies (machines infected with viruses which turn them into
unwitting spam relays), open relays, proxies, spam-friendly ISPs,
real-time blocking, DNSBL, DNS spoofing and poisoning, wire-fraud
laws, current state of anti-spam legislation, rules of evidence
regarding these laws and how technical changes might improve the
quality of that evidence, etc.

How much spam is actual commercial (even if low-quality) enterprise,
and how much is just script kiddies harasssing sites knowing that if
you call in law enforcement as soon as they see the words "penis
enlargement" they patronize you and explain what spam is and hang up?
And the script kiddies get to laugh their butts off. How might
anything we do here help distinguish between the two?

Or are we all so certain we're all so expert and accurate in those and
all the other issues that we just have it in our heads and wham-o a
solution is going to pop out?

Did you know that a typical lifetime of a spammer's web site is under
two hours? How exactly do they do that?

etc.

Or we can continue with the testosterone stench trying desparately to
distract from the ignorance.

Been there, done that, passed on the T-shirt.

-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com           | 
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Content filter abuse for censorship, J C Lawrence
Next by Date:  Re: [Asrg] seeking comments on new RMX article, J C Lawrence
Previous by Thread:  [Asrg] Washington Post: Earthlink to Deploy a Challenge-Response System for Fighting Spam, Yakov Shafranovich
Next by Thread:  Re: [Asrg] Let's start again at the beginning..., Alan DeKok
Indexes:  [Date] [Thread] [Top] [All Lists]