ietf-asrg

RE: [Asrg] Let's start again at the beginning...

2003-05-07 11:27:03
On Wednesday, May 07, 2003 1:32 PM, Barry Shein 
[SMTP:bzs(_at_)world(_dot_)std(_dot_)com] wrote:

I realize it's very exciting to think you're each going to be the one
who is going to gain fame and glory by solving the spam problem.

That may be a goal of some, not all.

But it's not going to happen unless one understands the problem, the
actual mechanics of spam. Just knowing some SMTP and DNS etc and
having gotten some spam isn't enough.

More importantly, for a group to make progress there has to be some
common vision of what problem they're trying to solve. This group
isn't there yet.

You are singing the same song I have been singing from the day I signed on to 
this RG.

Towards that end I think we need to first stop with the instant eureka
aren't I a genius solutions and spend some time on a taxonomy of spam
and what a solution might look like, glib responses such as "spam is
email I don't want" and "a solution is getting less email I don't
want" aside.

I agree.  There are several early threads with respect to that point.  In any 
event I include here at least my starting point for a description of the 
problem (it is not complete):

<INSERT>
On Saturday, March 29, 2003 10:52 PM, Eric D. Williams 
[SMTP:eric(_at_)infobro(_dot_)com]
wrote:
... if we are attempting to define 'spam' then
we should not get into a definition of content description.  Jim and Dave you
accurately point out that one man's garbage is another man's treasure but I
don't see how this approaches a definition of what 'spam' is.  I think I will
give it a try.

SPAM - 1. Messaging in the MTS which violates best current practices for MTA
providers to assure proper canonical representation of its originator. 2. A
message that does not reflect accurate information for its originator or that
is transmitted with simulated information nominally used to trace origination
[that's a tight squeeze as it ignores incorrect configurations].  3) A
message with fraudulent tracking information that is in fact flawed at
origination to obfuscate its origin.
<PAUSE>
I will interject here :

  4) A message that obfuscates the list of recipients by introducing
     multiple recipient addresses foreign to the receiving domain or
     unrelated to the primary recipient at the receiving domain within
     the SMTP transaction envelope.
</PAUSE>
SPAMMER - A user, company or other end entity that engages in introducing
SPAM into the MTS.

I think these may be a start because they do not address intent or
content of the message sent, quantity sent, transport used or who
receives it.  To me the basic problem is you have problems applying
any effective filters or blocks against it because of the improper
information used to construct it.
</INSERT>

For example, we keep making references to header forgery, envelope
forgery, etc, they're certainly aspects.

What about abuse of BCC, abuse of RCPT TO (sticking dozens of
recipients in the envelope not in the header), dictionary attacks,
spam zombies (machines infected with viruses which turn them into
unwitting spam relays), open relays, proxies, spam-friendly ISPs,
real-time blocking, DNSBL, DNS spoofing and poisoning, wire-fraud
laws, current state of anti-spam legislation, rules of evidence
regarding these laws and how technical changes might improve the
quality of that evidence, etc.

I think we could attempt to incorporate all of these into the existing taxonomy 
where they do not exist.  A review of the archives should expose that edition 
somewhere in the thousands of messages, or perhaps someone could provide a 
pointer to the most recent version (Paul?).

How much spam is actual commercial (even if low-quality) enterprise,
and how much is just script kiddies harassing sites knowing that if
you call in law enforcement as soon as they see the words "penis
enlargement" they patronize you and explain what spam is and hang up?
And the script kiddies get to laugh their butts off. How might
anything we do here help distinguish between the two?

Maybe it's a typo but I am having trouble following you here.  In any event it 
may not be relevant to distinguish between the two (at the technical/prevention 
level) but development of a harassment criteria may be a worthy goal.

8<...>8
Did you know that a typical lifetime of a spammer's web site is under
two hours? How exactly do they do that?

Could you provide a pointer to the resource(s) where you gathered that 
information?  I would like to incorporate this type of information into a list 
of informative references.

Or we can continue with the testosterone stench trying desperately to
distract from the ignorance.

Been there, done that, passed on the T-shirt.

Indeed.

Regards,

-e
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
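
The following is an added example, not part of the original message or of any ASRG document. It sketches how a receiving MTA could test for item 4 of the definition above and for the RCPT TO abuse mentioned in the quoted text (envelope recipients that are foreign to the receiving domain or absent from the header). The function names, the sample transaction and the `example.*` addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Matches "RCPT TO:<addr>" with optional ESMTP parameters after the path.
RCPT_RE = re.compile(r"^RCPT TO:\s*<([^>]+)>", re.IGNORECASE)

def envelope_recipients(smtp_lines):
    """Addresses named in the RCPT TO commands of one SMTP transaction."""
    found = []
    for line in smtp_lines:
        m = RCPT_RE.match(line.strip())
        if m:
            found.append(m.group(1).lower())
    return found

def header_recipients(raw_message):
    """Addresses visible in the To and Cc header fields."""
    msg = message_from_string(raw_message)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def audit_envelope(smtp_lines, raw_message, local_domains):
    """Report envelope recipients that are foreign or not shown in the header.

    'hidden' is a signal, not a verdict: legitimate Bcc and mailing-list
    delivery also put recipients in the envelope that the header omits.
    """
    env = envelope_recipients(smtp_lines)
    shown = header_recipients(raw_message)
    foreign = [a for a in env if a.rsplit("@", 1)[-1] not in local_domains]
    hidden = [a for a in env if a not in shown]
    return {"envelope": env, "foreign": foreign, "hidden": hidden}

# Constructed sample transaction as seen by a server for example.org.
SAMPLE_SMTP = [
    "MAIL FROM:<sender@example.net>",
    "RCPT TO:<alice@example.org>",
    "RCPT TO:<Bob@example.org> NOTIFY=NEVER",
    "RCPT TO:<carol@elsewhere.example>",
    "DATA",
]
SAMPLE_MESSAGE = (
    "From: sender@example.net\n"
    "To: Alice <alice@example.org>\n"
    "Subject: hello\n\nbody\n"
)

if __name__ == "__main__":
    print(audit_envelope(SAMPLE_SMTP, SAMPLE_MESSAGE, {"example.org"}))
```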