From: Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com>
....
http://www.oregonlive.com/business/oregonian/index.ssf?/base/business/105256787116000.xml
While reading that article, remember that sort of spammer is more than
anything else a pathological lier that cannot tell the truth, but that
thinks that it can always fool all of the world all of the time.
Nothing in that article is novel to anyone who has a few technical
clues, has seen some spam, and thought about tactics for pumping it
out. Every bit has been mentioned many times in the favorite newsgroup
of spammers (and spammer fighters), news.admin.net-abuse.email. It's
hard to say which of his statements in that article are partly true
and which are pure nonsense. I suspect there is wishful thinking in
some of the technical bits.
You might learn about liers and lying by listen to that sort of spammer
(if he's really a spammer and not a wannabe), but you won't learn
anything about spam that you can't find from far more reliable sources.
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
] From: Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com>
] ....
] Section 10.3.2 of RFC 2026 states as follows:
] ...
]
] Now we are not creating documents on the standards track but nevertheless,
] I think we need to clarify the patents/intellectual rights issues
] surrounding C/R systems. Perhaps we should solicit a comment from
] MailBlocks and the IRTF/IETF?
RFC 2026 is not binding on non-participants. It's not even clear how
binding it is on participants. Consider the court battle over the
Rambus patents. See http://www.google.com/search?q=rambus+court
}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
} From: Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com>
} ...
} In the same vain, we can also have some tool look at outbound email at
} alert the user with a similar message when too many "spam-like" emails go
} through. Some kind of an outbound spam filter, although I am not aware of
} any in existence.
Several recent statements seem to suggest that ISPs can easily look
at the outbound email of their customers. That is true only of users
that do not send much email of any sort, spam or not, because they
use the sending MTAs of ISPs.
It's not impossible to sample some of the mail of users who buy
raw IP bandwidth and run their own sending SMTP clients, but it's
not exactly easy. You can can use packet snoopers or SMTP interception
proxies, but only if your terms of service allow (lest you violate
federal law) and only if your users don't use use SMTP-TLS with
properly shared certificates.
At least one well known ISP was at least at one time using a private
set of DCC servers and clients to detect unauthorized outbound bulk
mail and automatically squelch it in mid-spew. That works only when
the mail is funnelled through the ISP's computers.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg