ietf-asrg

Re: [Asrg] Some data on the validity of MAIL FROM addresses

2003-05-18 18:55:04
From: Michael Rubel <asrg(_at_)mikerubel(_dot_)org>

ad> Even worse, there is no proven connection between the spam and the
ad> hotmail/yahoo account which is allegedly the sender.  The data are
ad> entirely consistent with spammers using lists of verified email
ad> addresses to forge 'From:' lines.

vs> That would make sense only if the number of hotmail/yahoo spam
vs> sender addresses were proportional to the number of hotmail/yahoo
vs> addresses among all targets of spam.


Wouldn't this objection only apply if you assume that spammers are
selecting MAIL FROM: addresses uniformly?  That is, if you assume each
address in their lists is given equal probability?

That's my point.  Spam source addresses are obviously not uniformly
distributed across domain names.  Unless you make surprising
assumptions about spam target addresses, they are not uniformly
distributed across those either.

Why is that?  It cannot be because free provider mailboxes are harder
to check for validity.  Many large corporate domain names give no
indication that an invented address is bogus during the SMTP transaction.
(Think about corporate MX servers and firewalls to see not only why
that is but why it must be, at least as SMTP is practised today.)

It also cannot be because free provider addresses are good sender
addresses for spam, because a noticeable albeit small minority of
organizations are like Rhyolite Software and reject all mail
apparently from strangers at free providers.  If you're going to
pick a random domain name, it would be better to pick any of the
Fortune 1000 not associated with a free provider.

This issue seems like a minor nit until you notice how many proposed
spam defenses are based on the assumption that most spam is forged,
so that spammers cannot receive DSNs and spammers are not authorized
to use the sender addresses or SMTP clients they use.  For example,
if 90% of spam is forged, then RMX, C/R, and authentication schemes
could do a lot against spam (modulo their other problems).  If only
10% of spam is forged, then those schemes are limited to affecting
that 10% fringe, albeit a very irritating fringe.

Here if not elsewhere, circular reasoning is inadmissible.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


