ietf-asrg

RE: [Asrg] TitanKey and "white lies"... (Faking SMTP hard errors "improves" C/R utility?)

2003-05-30 19:53:51

On May 30, 2003 at 17:30 vjs(_at_)calcite(_dot_)rhyolite(_dot_)com (Vernon Schryver) wrote:
At any rate, I wholeheartedly agree that it'd be nice to come to a
meeting of the minds viz spammers' modus operandi.

A difference between spammers and the sun is that we know that spammers
have frequently changed in the recent past.  If you look at much of the
spam you've often complained about, you know that every week brings
at least one new spammer trick.

I agree 100%, or at least 87.345%.

For example, I've recently seen a
new variation of the familiar quoted-printable tactics of obscuring
domain names in bodies.  The change looks like new spamware.  There
was also the use of a dotted hex quad to hide IP addresses which is
new only in the sense that I'd not seen it for many months.

I've lately been seeing them rotating case of domains between msgs and
then base64 encoding that,

        <A HREF="http://wWw.HoOp-dirECT.com">

        <A HREF="http://WwW.hOoP-DIrEcT.com">

which makes it harder to just match on the base64 encoding.

Say that you did find that 87.345% (or whatever) of all spammers today
respond to 550's.  Instead of sarcasm, please say what you would
conclude about next month.  How much money would you bet on your answer?


Since World's mail queues are forever flooded with spam trying to
bounce back, mostly with User Unknowns, and never get anywhere since
the apparent returned host isn't interested, my impressions are based
on a little more than hearsay.

We all so strongly suspect that *some* spammers don't honor 550s that
we know it.  However, the fact that you see zillions of bounces is
not evidence for our common knowledge.  As stated, your impression is
worse than hearsay, because it does not exclude other obvious explanations.

You are doing something bad by insisting that current knowledge about
something we know spammers could easily change and have changed is
the same sort of knowledge as whether the sun will rise tomorrow.
Worse is your demand for belief in your version of the ephemeris based
only on vague references to your enormous experience and authority.
Please don't just mention your mail queues' floods, but say what you
see in a way that can be falsified.

It is a waste to try to stop what you wish spammers would do or what
they once did.  If you want that uselessness, you could write a simple
filter to reject mail with senders consisting of an 8-digit username
@aol.com.  I trust you remember when most spam fit that profile.

Don't you have the positive and negative propositions swapped here?

I said I doubt handing spammers 5xx's is going to do much good in the
long run, probably won't do much good now either.

I think it's up to someone asserting that handing them 5xx's will do
some good to support their assertion.

In general it seems more conservative to assume that if there's an
easy way around a "block" (e.g., ignore those 5xx's) a spammer will
take it.

The only exception I see off-hand are gray-area spammers who might be
subject to IP blocking, or those who use spamhauses, or similar, so
are concerned about sites which block IPs when they produce too many
User Unknowns.

Anyhow, an empirical method to see if this approach works at all, not
that I see how it really fits in to the big picture (if you already
know it's spam and thus to respond with 5xx then the problem is solved
already, no?), has been proposed here now.

-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
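
The obfuscations mentioned in this message (case rotation under base64, quoted-printable in bodies, dotted hex quads), seen from the filtering side: an added example, not part of the original post, that undoes the transfer encoding and canonicalises link hosts before any matching is done. The sample messages, the example.com host and all function names are constructed for illustration.

```python
import base64
import quopri
import re
from urllib.parse import urlsplit

HREF_RE = re.compile(r'href\s*=\s*"([^"]+)"', re.IGNORECASE)

def decode_body(payload: bytes, cte: str) -> str:
    """Undo the Content-Transfer-Encoding; matching on the encoded bytes is brittle."""
    cte = cte.lower()
    if cte == "base64":
        payload = base64.b64decode(payload)
    elif cte == "quoted-printable":
        payload = quopri.decodestring(payload)
    return payload.decode("latin-1")

def canonical_host(host: str) -> str:
    """Lower-case the host; rewrite a dotted hex or decimal quad as dotted decimal.
    Octal and single-integer address forms are not handled in this sketch."""
    host = host.lower().rstrip(".")
    try:
        octets = [int(p, 16) if p.startswith("0x") else int(p)
                  for p in host.split(".")]
    except ValueError:
        return host  # an ordinary domain name
    if len(octets) == 4 and all(0 <= o <= 255 for o in octets):
        return ".".join(str(o) for o in octets)
    return host

def extract_hosts(payload: bytes, cte: str) -> set:
    """Return the canonical hosts of every HREF in one decoded body part."""
    hosts = set()
    for url in HREF_RE.findall(decode_body(payload, cte)):
        host = urlsplit(url.strip()).hostname
        if host:
            hosts.add(canonical_host(host))
    return hosts

# Constructed samples: the same link with rotated case, base64-encoded per message,
# plus a quoted-printable variant and a dotted hex quad (192.0.2.1, a TEST-NET address).
MSG_A = base64.b64encode(b'<A HREF="http://wWw.ExAmPle.com/">')
MSG_B = base64.b64encode(b'<A HREF="http://WwW.eXaMpLE.com/">')
MSG_QP = b'<A HREF=3D"http://www.ex=61mple.com/">'
MSG_HEX = b'<A HREF="http://0xC0.0x00.0x02.0x01/">'

if __name__ == "__main__":
    print(MSG_A != MSG_B, extract_hosts(MSG_A, "base64") == extract_hosts(MSG_B, "base64"))
    print(extract_hosts(MSG_QP, "quoted-printable"), extract_hosts(MSG_HEX, "7bit"))
```

The two base64 bodies share no stable encoded substring for the domain, but after decoding and case-folding both yield the same host, so a single blocklist entry covers every rotation.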


