From: Eric Brunner-Williams in Portland Maine <brunner(_at_)nic-naa(_dot_)net>
> > Spoofed spam is harder to trace, and thus harder to shut down.
> This assumes a few things I don't know:
> o what does "harder to trace" refer to, what is the technical
> capability of the entity performing the tracing function?
> o what does "trace" actually mean?
I personally use the SpamCop reporting service, and by "trace" I will be using
the example of what SpamCop does: parse the headers and the message in
order to ascertain:
1. The path of transmission including the originator's IP address, and the
IP addresses of any of the MTA or gateways in between.
2. The IP addresses of the sites and email accounts mentioned in the message.
3. Finding out who the owner of those IPs is, or if that fails their
upstream provider, or their upstream provider, etc.
By "trace" I mean finding out who the entities responsible for the IP
addresses are. This is accomplished using WHOIS lookups on domain name
records and IP blocks, as well as tracert commands. This also includes
maintaining the contact information for different ISPs like SpamCop and
abuse.net do.
The "entity" doing this process would either be an actual human being like
a law enforcement agent or an ISP admin, or it may be an automatic software
system like SpamCop.
"Harder to trace" means that it is impossible to do tracert or WHOIS lookups
when the "From" and "Received" headers are false. As a result the
"tracing entity" ends up reporting and accusing the wrong people. This
accomplishes two things:
1. It throws off the ISPs and law authorities that are trying to find out
the sender by leading them down the wrong path.
2. It causes ISPs to ignore spam reports since so many are triggered by
false information.
An additional benefit to spammers also is the fact that the spam filters
will have a harder job detecting them.
> o what does "harder to shut down" refer to
> o what is actually being "shut down"?
> and finally, if it were easier and well-defined
It means getting in touch with their ISP and making the ISP shut down their
site or email address. It also means alerting the admins of the hacked
computers and open relays to fix their problems. It also means getting the
FTC or FBI to prosecute them. And under the slowly increasing number of
spam laws, it means having the ability for the recipients to sue the
senders directly.
> o would it matter?
If every spam message sent would be easily traced or come directly from
spammer(_at_)CyberPromotions(_dot_)Biz then ISPs can easily sue the senders, the LAE
can more easily prosecute "Nigerian" scam people, and spam filters can easily
block spam.
> Isn't every overt source an expendable asset with a finite TTL and a finite
> delivery queue?
There is a famous quote from an old NY Times article: "On the Internet no
one knows if you are a dog". But in reality, every single spam message has
a physical person behind it who is sending it. Everything is logged
somewhere, even if only for a limited time. Even though they might be switching
from site to site and from domain to domain, if we can get to the ISP logs
in time, before they are deleted, the information gathered can still help us
somewhat, even if the original domain name or site is no longer there.
But then of course, all the spammers can move to China or some other
country where the ISPs will not care about the spam issues. If that happens
I wonder how long it will take until the country's uplink is shut off?
---------------------------------------------------------------------------------------------------
Yakov Shafranovich / <research(_at_)solidmatrix(_dot_)com>
SolidMatrix Research, a division of SolidMatrix Technologies, Inc.
---------------------------------------------------------------------------------------------------
"One who watches the wind will never sow, and one who keeps his eyes on
the clouds will never reap" (Ecclesiastes 11:4)
---------------------------------------------------------------------------------------------------
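The header-walking step of the tracing procedure Yakov describes (path of transmission, originator IP, the MTAs in between), as an added Python example that is not code from the post, from SpamCop or from the list; the hostnames, addresses and the trusted-MTA set are constructed. It shows why a forged "Received" chain cannot be followed past the last MTA whose headers one can actually vouch for.

```python
import re
from email import message_from_string

# Constructed sample (not from the post): the bottom Received header was
# forged by the sender to point at an innocent relay; the two above it are genuine.
SAMPLE = """Received: from mx1.example.net (mx1.example.net [192.0.2.10])
    by mail.example.org (Postfix) with ESMTP id 1A2B; Mon, 3 Mar 2003 10:00:00 -0500
Received: from dialup-77.example.com (unknown [198.51.100.77])
    by mx1.example.net (Postfix) with SMTP id 3C4D; Mon, 3 Mar 2003 09:59:00 -0500
Received: from relay.innocent.example (relay.innocent.example [203.0.113.5])
    by dialup-77.example.com with SMTP; Mon, 3 Mar 2003 09:58:00 -0500
From: spammer@example.biz
Subject: constructed test message

body
"""
# Assumed: MTAs whose Received headers we are willing to believe.
TRUSTED = {"mail.example.org", "mx1.example.net"}

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s*(?:\((?P<info>[^)]*)\))?\s+by\s+(?P<by>[\w.-]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_received(value):
    """One Received header -> HELO name, reverse-DNS name, connecting IP, adding host."""
    flat = " ".join(value.split())                 # unfold continuation lines
    m = RECEIVED_RE.search(flat)
    if not m:
        return None
    info = m.group("info") or ""
    ip = IP_RE.search(info)
    return {"helo": m.group("helo"), "rdns": info.split()[0].lower() if info else None,
            "ip": ip.group(1) if ip else None, "by": m.group("by").lower()}

def trace(raw_message, trusted):
    """Walk Received headers newest-first. Believe a header only if the host that
    claims to have added it is trusted; extend trust one hop further only when the
    sending host it names is trusted too. The last believed header's connecting IP
    is the originator estimate; everything below it is unverifiable (maybe forged)."""
    hops, originator = [], None
    for value in message_from_string(raw_message).get_all("Received", []):
        hop = parse_received(value)
        if hop is None or hop["by"] not in trusted:
            break                                  # untrusted claim: stop here
        hops.append(hop)
        originator = hop["ip"]
        if hop["rdns"] not in trusted:
            break                                  # sender isn't ours: its headers are hearsay
    return originator, hops
```

Run against the sample, the chain stops at 198.51.100.77 and the forged header naming 203.0.113.5 is never attributed to anyone, which is exactly the misreport the post says spoofed headers are designed to cause.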
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg