-----Original Message-----
From: Barry Shein [mailto:bzs(_at_)world(_dot_)std(_dot_)com]
Sent: Monday, July 07, 2003 7:12 PM
To: Dave Crocker
Cc: Paul Judge; 'asrg(_at_)ietf(_dot_)org'
Subject: Re: [Asrg] 2. - Spam Characterization - Possible
Measurements (wa s : RE: Two ways to look at spam)
Well, there's one characterization from measurements
mentioned which spammers can't adapt to and that's their
location (in)stability in IP space.
This relates to the idea that the only reason spammers can
operate effectively is because they exploit thousands of
hijacked computers which gives them location mobility (not
geographic but in ip space.)
If this can be shown to be true via measurement it leads to
the conclusion that perhaps the problem with spam is not what
leads to this idea of a "consent" framework as originally
proposed in this charter, but, instead, shows spam is almost
entirely a security problem.
The consent framework does not contradict that spam is a security problem. I
believe that the unauthorized use of resources (for sending messages as well
as those of the recipients) are grounds for that statement. Additionally,
the potential disruption in availability is another reason for such a view.
While one path is to focus on the 'security' of the hijacked computers, I
think that we have learned over the years that they will continue to find
new means of injecting their messages into the system (relays, dialups,
hijacked machines, proxies, webforms, free mail services, etc.).
Therefore, it seems that while some focus on each of these makes sense,
overall we should maintain the broader view of the problem. For example, you
mentioned that spammers exhibit an instability in the IP space. Is there a
way to measure this relative to senders of wanted messages? Can this
relationship be used to detect new sources of unwanted messages or to
determine stable sources of wanted messages? This is useful in the
prevention of unwanted messages and the preservation of wanted messages.
Such a heuristic could be part of reputation system.
Spammers can't adapt their way out of this observation
because that would mean they'd have to become location
immobile which means we could just block them and that'd be
the end of spam.
--
-Barry Shein
Software Tool & Die | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg