ietf-asrg

Re: [Asrg] Willfull and intentional misunderstandings

2003-05-08 21:47:20
technical capability:

... an actual human being ... or it may be an automatic software
system like <example>.

trace:
... parse the headers and the message ...

shut down:
... ISP shut down their site or email address ...

How can this be useful for the mode Barry described:

One of the major sources of spam right now seems to be zombie robot
hosts, hosts who have had a virus injected into them which turns them
into unwitting spam slaves*.

So the spam is being delivered by 123-456-789-123-dsl-pool.telco.com
and guess what it seems to be from 
xxxdvd(_at_)123-456-789-123-dsl-pool(_dot_)telco(_dot_)com
who assures you that anything from (don't make me type it again)
is indeed from (I'm just not going to type it again.)

Now what do you know?

I'm still where Barry left off. I don't see anything in humans, or pseudo
humans, headers and eventual administrative DoS that solves for "virally
acquired spam slave servers".

What I see would be useful for pursuing some advertizing network operator,
based upon some property of the cookies they play, as advertizing networks
don't (presently) utilize (and discard) "virally acquired" assets -- they
have to hang around for days, even weeks, so "unlawful twinkling" isn't a
win for them. I wrote a draft on that [1], it eventually became the cookie
processing mechanism in IE5.5 et seq, and in Mozilla 0.9 et seq. Trala.

The claim that you make after the reference to a famous cartoon [1] seems
to be one of forensics value -- you've posited logs, possibly quite
a lot of them, and how they are discovered, clustered, and reconciled is
TBD, before they are deleted. That's hours, even days, after the local
event ended.

But then of course, all the spammers can move to China or some other 
country where the ISPs will not care about the spam issues.

When I worked with CNNIC in the Summer and Fall of '01, one of the biggest
issues they had was overseas bandwidth cost arising from two bugs in one
product, and a business model involving two businesses and their partnership
which enhanced the bugs in the deployed product. It surprises me to hear of
the PRC and overseas-bandwidth cost insensitivity in one sentence. Knowing
the PRC legal system, and the seven or so primary operators, this is another
surprise. Deregulation, WTO entry, and Governmental policy of Convergence,
to the confusion of several Ministries, all make for non-determinism, but
North America is and has been pretty zooy for several years.

In sum, I see the use case offered being "the slow moving spammer", who is
already not among the "quick", and may as well be dead. The use case does
not "scale" as the spammer is allowed to be more agile.

Good solutions scale, not merely in the size of the system, but the temporal
properties of the system.

I think I've made myself as clear as I can, and I don't see anyone running
around with a checkbook looking for basic research on, or even simulating,
agile, hostile systems. Fortunately, we've got a large testbed network to
observe while it is exercised by ... agile, hostile systems.

Eric

[1] draft-jaye-http-trust-state-mgt-01.txt (expired)
[2] http://www.unc.edu/depts/jomc/academics/dri/idog.html