From: Barry Shein <bzs(_at_)world(_dot_)std(_dot_)com>
But it's not going to happen unless one understands the problem, the
actual mechanics of spam. Just knowing some SMTP and DNS etc and
having gotten some spam isn't enough.
More importantly, for a group to make progress there has to be some
common vision of what problem they're trying to solve. This group
isn't there yet.
Towards that end I think we need to first stop with the instant eureka
aren't I a genius solutions and spend some time on a taxonomy of spam
and what a solution might look like, glib responses such as "spam is
email I don't want" and "a solution is getting less email I don't
want" aside.
I definitely agree that we should first work on defining what spam is, how
it works and why do spammers love doing it (i.e. the economics) before
proposing a solution.
For example, we keep making references to header forgery, envelope
forgery, etc, they're certainly aspects.
What about abuse of BCC, abuse of RCPT TO (sticking dozens of
recipients in the envelope not in the header), dictionary attacks,
spam zombies (machines infected with viruses which turn them into
unwitting spam relays), open relays, proxies, spam-friendly ISPs,
real-time blocking, DNSBL, DNS spoofing and poisoning, wire-fraud
laws, current state of anti-spam legislation, rules of evidence
regarding these laws and how technical changes might improve the
quality of that evidence, etc.
As the ASRG charter states: "ASRG will not pursue research into legal
issues of spam, other than the extent to which these issues affect,
support, or constrain the technology." Our goal is to change technology,
not the law. But nothing stops us from making technical changes that can
"improve the quality of evidence".
Or are we all so certain we're all so expert and accurate in those and
all the other issues that we just have it in our heads and wham-o a
solution is going to pop out?
As several people mentioned before, no one expects an instant solution to
spam "to pop up". Rather our goal is to provide a combination of changes in
protocols, policy and such on the Internet that can help us reduce the
problem. This combination will probably consists of many tiny changes to
many things which when added up as a whole, can help with the spam problem
Did you know that a typical lifetime of a spammer's web site is under
two hours? How exactly do they do that?
Can you provide some sources for this information, I am doing some research
on it.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg