ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] Is there anything good enough? - Spoofing stats

2003-05-07 18:24:14
from [Hallam-Baker, Phillip] [Permanent Link] 
We have very similar statistics, spoofing is very common.

The reason the spam senders do it is that they do not want to
leave a trail.

Quite why it is worthwhile to send out huge volumes of spam
without any means of contacting the purported vendor cannot
be said with certainty at this point. I have theories but
I prefer to share them with law enforcement.

                Phill


-----Original Message-----
From: David Walker [mailto:antispam(_at_)grax(_dot_)com]
Sent: Wednesday, May 07, 2003 11:59 AM
To: Barry Shein; Alan DeKok
Cc: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] Is there anything good enough? - Spoofing stats


With regards to spoofing being a minor problem.
Out of 3130 denied messages 
(to accounts I had to stop because they were receiving 100% spam)
 @juno.com                                        |    36
 @netscape.com                                    |    38
 @email.com                                       |    40
 @excite.com                                      |    50
 @lycos.com                                       |    50
 @earthlink.net                                   |    71
 @msn.com                                         |    72
 @yemenmail.com                                   |    93
 @hotmail.com                                     |   241
 @aol.com                                         |   298
 @yahoo.com                                       |   311
Total | 1300

1300 out of 3130 = 41% of all my denies are very high 
likelyhood spoofs from 
the popular domains
1050 out of 3130 = 34% are guaranteed spoofs (The helo name 
is not remotely 
associated with the spoofed domain) from the popular domains.
(These numbers do not represent all spoofing I receive but 
rather just the 
spoofing to popular domains)

So it doesn't look like a minor problem to me.  Sure it is 
easy to avoid by
1. switching to domains that have not implemented RMX yet
2. by setting up your own domains
but in the first case the DNS admin would have a tool to 
fight them (he can 
configure his RMX records) and with the second there is a 
cost involved.

Assuming just the 11 domains and I implement RMX it becomes 
useful as I could 
receive messages from my friends and family that use those services.

On Tuesday 06 May 2003 05:26 pm, Barry Shein wrote:

No, the problem is that this spoofing is a minor problem and any
solution is easily evaded by spammers.


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Asrg] seeking comments on new RMX article, Hallam-Baker, Phillip
Next by Date:  Fwd: RE: [Asrg] Let's start again at the beginning..., Yakov Shafranovich
Previous by Thread:  RE: Consent (was Re: [Asrg] seeking comments on new RMX article ), Hallam-Baker, Phillip
Next by Thread:  RE: [Asrg] Is there anything good enough? - Spoofing stats, Eric D. Williams
Indexes:  [Date] [Thread] [Top] [All Lists]