ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] Washington Post: Earthlink to Deploy a Challenge-Response System for

2003-05-09 13:39:51
from [Eric Dean] [Permanent Link] 
However, what is of value is that we use the C/R as a probe to see if an
actual email address really exists.  When a spammer spoofs an

aol or yahoo

address..and use a bogus sender..we get an immediate

unknown-user reject..as

opposed to other systems that ingest the message and then bounce later
(bounce messages are of a type variety).  We actually drop a non-trivial
percentage of spam just by probing the sender's email address.


By this measure, how many of the addreses at free providers are invalid
when you test them?


I haven't looked at the percentage of valid email from free providers vs the
amount of email dropped as a result of the probe C/R...however, I have
looked at the percentage of spam that is dropped automatically (via the C/R
probe) vs that which is dropped manually by the user.  We drop approximately
half of the spam via the probes...however, it's somewhat trivial for
spammers to double their efforts.  We also see about 95% of senders are
validated by the users rather than via sender self-verification.

A couple of other interesting, yet intuitive, things we see is that
blacklisting spammers are all but useless.  Spammers most always use a
unique sender address to track successful delivery.  The only real people on
my personal blacklist are from legitimate solicitors that somehow think I
opted in for something.  For the most part, dropping the single spam and
blacklisting the spammer produce the same results.

I hesitate to say that we need to be careful not to get into a
anti-bacterial soap type of circumstance whereby we direct spammers to start
spoofing valid freemail accounts.  As with ant-bacterial soaps...only the
mutant strands of bacterial that are impervious to the chemicals survive and
spawn.  If we don't come forward with a bullet-proof method of ending
spam..then we probably shouldn't do anything at all.  If spammers start
spoofing valid sources, then our problems have puppies...until we wind up
with PKI everywhere.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Fwd: Re: Fwd: [Asrg] How many legitimate SMTP servers?, Yakov Shafranovich
Next by Date:  [Asrg] Law article - Legally Defining "Unauthorized" Computer Access, Yakov Shafranovich
Previous by Thread:  RE: [Asrg] Washington Post: Earthlink to Deploy a Challenge-Response System for, Vernon Schryver
Next by Thread:  RE: [Asrg] Washington Post: Earthlink to Deploy a Challenge-Response System for, Vernon Schryver
Indexes:  [Date] [Thread] [Top] [All Lists]