ietf-asrg

RE: [Asrg] Washington Post: Earthlink to Deploy a Challenge-Response System for

2003-05-09 18:39:40
That's not what I meant.  I've long claimed that most of the addresses
used as envelope Mail_From values in spam are not "forged," but the
legitimate property of spammers.  My claim would be supported if a
substantial number of the probes you send to Hotmail are not rejected
as invalid addresses.

I apologize for making general comments.  All of our mail gets stored in a
database as well as all relevant statistics.  Let me run some numbers and get
back to you.  In general though, it's not difficult for a spammer to send a
million messages with a valid freemail account and a million with an invalid
freemail account.  Any assertion we make today and design as an assumption
will certainly be thwarted by less than 3 lines of additional code for
shareware tomorrow.



That's interesting, but it seems to concern the effectiveness of C/R
as a spam filter.  What do you mean by "dropped manually by the user"?
How can the target of mail drop spam before the C/R probing is complete?

Ah, yes.  I'll try not to tout my warez but rather share our approach.  When
we "quarantine" email, we send a C/R for users that have the function
enabled.  In addition, we periodically send a digest of all email within the
quarantine database to the user.  Often, we find that the user takes a
whitelist, blacklist, forward, drop policy decision before the sender
responds to the C/R.


Does that mean that your users white-list mail senders before the C/R
system gets a chance to try?

yes, or blacklist

Or perhaps after the C/R system has
tried and failed?

Also possible.  If the C/R gets an SMTP reject, then we'll deep-six the
message automatically..assuming the reject isn't due to a valid reason.

Are you saying that the C/R system in some
sense fails 95% of the time?

Depends on what you define as a failure.  Our observation is that C/R is not
a panacea.  People are not gravitating to it in droves.  It's a nice tool
that has some nice capabilities...most of what I like is dropping bogus
senders more so than dynamically adding self-verified senders to a whitelist.

That's much worse than even I would
guess, and I think C/R systems are hopeless.

I would say that alone, they have valuable but limited functionality and
only help with spam prevention.


That horse has left the barn a long time ago.  From my observations, spam
is less likely to involve spoofing valid sources today than it was
half a dozen years ago before the Flowers.com case and the many laws
against header forgery.  The frequency of spoofed valid sources remains
significant, but ebbs and flows as spammers come and go, the moon waxes
and wanes, and no one can know what else.

If there's a name for it..it means that someone else has done it...and a
spammer has done it a million billion times.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg