ietf-asrg

Re: [Asrg] TitanKey and "white lies"... (Faking SMTP hard errors "improves" C/R utility?)

2003-05-29 15:12:28
From: "Bob Wyman" <bob(_at_)wyman(_dot_)us>

...
      TitanKey claims that this tiny modification to normal C/R
procedure results in a "massive" improvement in the utility of challenge
and response systems since spamming software won't be able to
distinguish between real "user unknown" errors and the fake ones issued
by TitanKey. Since spamming programs typically respond to a permanent
SMTP error by removing that email address from the list of active
emails, you shouldn't ever receive more than one email from any one
spammer... Given that the "reply-to" addresses used by spammers are
usually false, the spammer will never see the challenge message which is
sent after the SMTP error is generated, thus, they can't do any analysis
of the challenges to determine which "user unknown" errors were "faked"
and which were real. 
...

That is based on assumptions that are dubious and possibly false:

   - I'm convinced that many "spamming programs typically respond to a
    permanent SMTP error by removing that email address from the
    list of active emails," but it is also clear to anyone with an
    SMTP server that many other "spamming programs" don't.  You can tell
    because many spammers keep banging away at the same non-existent
    addresses for years.  Where the balance lies today is a guess.

   - Only 48% of the 32,300 spam in my rolling 40 day log have
    Reply-To headers, but perhaps what is meant is the envelope Mail_From
    address.  It is an article of faith for many people that "most"
    Mail_from addresses are "false," but the evidence for that belief
    is thin.

   - Many spammers have no difficulty creating new domains and addresses
    as needed.  For example, for several months the workingwithwood/etc.
    porn spammer has been working off a stockpile of domain names
    created late last year at about 2 names per day.  Those spammers
    can receive and process bounces, challenges, and so forth, or not,
    as they please.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
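
An added example, not part of the original message: one way to test the first assumption above against a server's own logs, by counting sources that keep trying a recipient after a permanent 5xx rejection. The log format, the sample lines, the one-hour grace window, and the choice to treat one client IP as one sender are all assumptions made for this illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, not that of any particular MTA):
# timestamp, client IP, envelope sender, recipient, SMTP reply code
SAMPLE_LOG = """\
2003-04-20T08:00:00 192.0.2.10 a@spam1.example nobody1@mydomain.example 550
2003-04-27T08:00:00 192.0.2.10 b@spam1.example nobody1@mydomain.example 550
2003-05-25T08:00:00 192.0.2.10 c@spam1.example nobody1@mydomain.example 550
2003-04-21T09:00:00 198.51.100.7 x@spam2.example nobody2@mydomain.example 550
2003-04-22T10:00:00 203.0.113.5 y@spam3.example nobody3@mydomain.example 550
2003-04-22T10:05:00 203.0.113.5 y@spam3.example nobody3@mydomain.example 550
2003-05-01T11:00:00 192.0.2.10 d@spam1.example real@mydomain.example 250
"""

def parse(log_text):
    """Yield (timestamp, client_ip, recipient, reply_code) per log line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, _mail_from, rcpt, code = line.split()
        yield datetime.fromisoformat(ts), ip, rcpt.lower(), int(code)

def retry_stats(log_text, grace=timedelta(hours=1)):
    """Classify (client IP, recipient) pairs by behaviour after a 5xx reply.

    A pair "persisted" if it was rejected again more than `grace` after its
    first rejection; repeats inside the grace window count as the same run.
    """
    rejected = defaultdict(list)
    for ts, ip, rcpt, code in parse(log_text):
        if 500 <= code <= 599:          # permanent failures only
            rejected[(ip, rcpt)].append(ts)

    spans = {k: max(v) - min(v) for k, v in rejected.items()}
    persisted = {k: s for k, s in spans.items() if s > grace}
    return {
        "pairs": len(rejected),
        "persisted": len(persisted),
        # No later retry seen: list pruned, or the sender simply moved IPs.
        "no_retry_seen": len(rejected) - len(persisted),
        "longest_span": max(persisted.values(), default=timedelta(0)),
    }

if __name__ == "__main__":
    print(retry_stats(SAMPLE_LOG))
```

A pair with no later retry is only weak evidence of list pruning, since the same sender may return from a different address; the persisted count is the firmer number.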


