ietf-asrg

RE: [Asrg] TitanKey and "white lies"... (Faking SMTP hard errors "improves" C/R utility?)

2003-05-30 21:03:54
On Friday, May 30, 2003 12:03 AM, Vernon Schryver [SMTP:vjs(_at_)calcite(_dot_)rhyolite(_dot_)com] wrote:
From: "Eric D. Williams" <eric(_at_)infobro(_dot_)com>

...
Barry again inserts (to me) an interesting point on 'spamming' tools e.g.
zombies and robots; introduced by surreptitious or malicious means e.g.
viruses.

Yes, it was an interesting point.

    I think there may be evidence, however, that these 'spamming' methods
do use clandestine communications channels to other compromised (or not)
systems to 'peruse' economically unproductive distribution.  I still think
the best way to a proof of this is to obtain some code for forensic analysis.
If there is some [code] available I think that would be a valuable activity to
engage. ...

I do not understand that.  If you found some code and figured it out,
you would know at most what some spammers may have done in one case.
You would not know what other spammers or the same spammers might do
tomorrow.  If you failed to find any such code, you would only know
that you had failed to find such code, and could not conclude anything
about what any spammers did yesterday or will do tomorrow.

That may be true (speciously however), what you would know if you could obtain 
such [code] is a present starting point for 'spammer adaptability' using 
particular tools.  You could, I think, infer some metrics from whatever results 
you could derive and gain insight into the paths presently available for 
further adaptability.

I don't see the point of such a forensic analysis.  This group is not
trying to convict a crook, fix a cause of death, figure out who did
what to whom, or any of the usual reasons to "[apply] scientific
knowledge to legal problems"
http://www.m-w.com/cgi-bin/dictionary?book=Dictionary&va=forensic

This is not the only reason for 'forensics' - forensic analysis is also 
presenting information as a predicate for public debate.

Better is to
  - discover the nature of the environment,
      Does AOL automatically blacklist IP addresses after a bunch
      of bad recipients?

A good question.

  - figure out the resulting pressures on spammers and spamware,
      Bad entries in target lists hurt spammers that want to hit AOL.

I would add how/in what technical framework (given the present state or 
sophistication of technology) does this impact 'spammer adaptability' and 
spamware?

   - predict the results of those pressures,
      Spammers will tend to honor 550s if they like hitting AOL.

That is one prediction, but it lacks the insight into the technical 
adaptability of 'spamware', to me that a 'spammer' would do something is 
rightly pointed out in your previous bullet "the ... pressures on spammers and 
spamware" the so-called pressures would not IMHO be limited to a single 
recourse, e.g. "Spammers will tend ...".  It may be "Spammers will opt for menu 
selection number 4 - address mirroring, correlation attack"

   - check of that prediction.
      Do few, some, or many spammers that like hitting AOL honor 550s?

Unknowable, unless you are a 'spammer'.

The code I wrote yesterday is related to the code I'll write tomorrow
only by my style and general interests.  If I hear of a good idea,
I'm likely to apply it.  I often abandon code and ideas that seemed
good yesterday in favor of new code because of new ideas, changing
requirements, or mere boredom.  There's no obvious reason why spammers
don't do the same.

That is an interesting point, however whatever coding style you choose would be 
engineered to solve a problem.  That is the goal of forensic analysis in this 
case by my estimation - through public discourse to determine the challenges 
for spammers and the available architectures to address them (their code should 
reveal the engineering problem they are trying to solve, style is irrelevant). 
 IMHO, we may benefit from knowing what problems the 'spammer' really is 
facing, and by that architect countermeasures based on that problem space.

Still, if you want spamware, there's plenty available.  No great
sleuthing is needed.  Ask one of the people in news.admin.net-abuse.email
who spends time talking to spammers for an introduction to the "bulk
barn" and similar forums, and then blandly ask for software, without
mentioning why you want it.  I'd probably start by asking
Shiksaa(_at_)spamhaus(_dot_)org.  Steve Linford might also have some valuable
pointers.  Or check the Spamhaus and Sapient Fridge's spamware sites
listing; see http://www.spamfaq.net/spamfighting.shtml#halls_of_shame
Or look at the ads for spamware you get with
http://groups.google.com/groups?q=spamware+list+group%3A*abuse.email

Once again Vernon thanks for the pointers to information.  Do you think it 
could be determined whether the 'readily' available software is the same that 
is utilized by the small number of 'serious' spammers?

-e
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg