ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] 2. - Spam Characterization - Possible Measurements (wa s : RE: Two ways to look at spam)

2003-07-08 03:15:34
from [Paul Judge] [Permanent Link] 



-----Original Message-----
From: Barry Shein [mailto:bzs(_at_)world(_dot_)std(_dot_)com] 
Sent: Monday, July 07, 2003 7:12 PM
To: Dave Crocker
Cc: Paul Judge; 'asrg(_at_)ietf(_dot_)org'
Subject: Re: [Asrg] 2. - Spam Characterization - Possible 
Measurements (wa s : RE: Two ways to look at spam)



Well, there's one characterization from measurements 
mentioned which spammers can't adapt to and that's their 
location (in)stability in IP space.

This relates to the idea that the only reason spammers can 
operate effectively is because they exploit thousands of 
hijacked computers which gives them location mobility (not 
geographic but in ip space.)

If this can be shown to be true via measurement it leads to 
the conclusion that perhaps the problem with spam is not what 
leads to this idea of a "consent" framework as originally 
proposed in this charter, but, instead, shows spam is almost 
entirely a security problem.


The consent framework does not contradict that spam is a security problem. I
believe that the unauthorized use of resources (for sending messages as well
as those of the recipients) are grounds for that statement. Additionally,
the potential disruption in availability is another reason for such a view.

While one path is to focus on the 'security' of the hijacked computers, I
think that we have learned over the years that they will continue to find
new means of injecting their messages into the system (relays, dialups,
hijacked machines, proxies, webforms, free mail services, etc.).

Therefore, it seems that while some focus on each of these makes sense,
overall we should maintain the broader view of the problem. For example, you
mentioned that spammers exhibit an instability in the IP space. Is there a
way to measure this relative to senders of wanted messages? Can this
relationship be used to detect new sources of unwanted messages or to
determine stable sources of wanted messages? This is useful in the
prevention of unwanted messages and the preservation of wanted messages.
Such a heuristic could be part of reputation system.



Spammers can't adapt their way out of this observation 
because that would mean they'd have to become location 
immobile which means we could just block them and that'd be 
the end of spam.

-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com           | 

http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] 3. Requirements - Non Spam must go through, C. Wegrzyn
Next by Date:  Re: [Asrg] 3. Requirements - Non Spam must go through, Jon Kyme
Previous by Thread:  RE: [Asrg] 2. - Spam Characterization - Possible Measurements (wa s : RE: Two ways to look at spam), Hallam-Baker, Phillip
Next by Thread:  RE: [Asrg] 2. - Spam Characterization - Possible Measurements (wa s : RE: Two ways to look at spam), Barry Shein
Indexes:  [Date] [Thread] [Top] [All Lists]