
Re: [Asrg] 3. Requirements - Non Spam must go through

2003-07-10 07:28:38
Quoting "C. Wegrzyn" <wegrzyn(_at_)garbagedump(_dot_)com>:
What I can also tell is that I have two accounts - one public and one 
very private. The public one gets spammed all the time. The private one
hasn't ever gotten a spam message. The private one I use to communicate
with friends, business people, etc. The public one is used on netnews 
(yes I know...talk about advertising!), lists such as this one and 
general postings. That one gets spammed all the time.

How long have you had that private address? Perhaps there's something about the 
name which makes it difficult to guess in a dictionary attack.

I've been through three private addresses over a period of 5 years, all based 
at Hotmail. Admittedly it's an obvious domain for spammers to target, so that 
might be a factor in what follows. But anyway here's one insight...

The first Hotmail address got spammed because I was careless in those days, 
gave it out widely and I'm sure it found its way into various list archives and 
other web pages so it got crawled easily. Eventually I ditched it because the 
spam was overwhelming and Hotmail filtering was pretty non-existent in those 
days. Even if I hadn't given it out, it was a pretty short easily-guessed name 
and Hotmail tended to list people by default in their member directory anyway.

The second new address was still fairly simple in composition: a string of 10 
alphabetic characters representing my initials and surname. I was a lot more 
careful to keep this private but somehow spam started to trickle in and 
(perhaps because the initial trickle failed to bounce), a whole flood opened 
up. I suspect that this account was spammed by dictionary attack, particularly 
because other (very similar) addresses at Hotmail often appeared in the "To:" 
or "CC:" headers of the spam I received. Hotmail was pretty obliging about 
sending "no such user" bounces in those days so I'm sure this was an effective 
method for the spammer. (I've no idea what their bounce policy is like now.)

My latest Hotmail address I've been equally paranoid about giving out, but I 
chose a less obvious name with an underscore embedded. For the first 9 months I 
received no spam whatsoever but now some has begun to arrive. In this case I 
think either a company I corresponded with has sold my address or else 
dictionary attacks are becoming more sophisticated.

The issue of how spammers obtain e-mail addresses in the first place, and under 
what conditions they tend to stop sending to an address can be helpful to 
understanding the nature of the problem. In fact I've still kept one of my old 
addresses as a spam trap so I can collect spam and study it.

I'm guessing that many honeypot people do analysis like this all the time, only 
they're in a position to do so more rigorously than my little dabbling. Any 
insights into this would be most interesting (to me at any rate).

Andrew 

Chuck Wegrzyn

Jon Kyme wrote:

And it's been going up by a factor of at least 2, every year, for
about as long as I've had the domain. This is the future of email
for everyone.

       

I don't see how that follows, but I can't prove that you're not right.
     

Take a random domain with a random number of addresses.  Eventually 
they start getting spam.  Two things happen.  First, no matter what 
your churn, the addresses that got spam will continue to get 
more--even if they stop existing.  Furthermore, over time typos, 
screwed up alphabet attacks and other factors will cause more and 
more non-existent addresses to get spam.  It always grows.  It never 
shrinks.

   


It certainly seems that way, but all we actually know is that
it *has* always *grown*, it *has* never *shrunk*.

This is begging the question rather. Are addresses ever removed from
spammers' lists? Will they ever be? Is there an economic argument for
the list producers to "improve the quality" of their lists? Will there
ever be? What are the effects on list dynamics of current and future
anti-spam deployments? Legislation?

I guess this would come under "understanding the problem".


 

Although somewhere.com is behind striker on the curve (only 10 
million bounces last year), I've also been seeing the factor of two 
progression for the five or six years I've been tracking it.
   


These are exactly the sort of numbers that someone should be
collecting (and aggregating). I'm not denying the truth of anyone's
observations. It's just that the predictions are also based on some
assumptions about spammer behaviour - which I don't know much about.

"I can't prove you're not right" = "not falsifiable right now" (time
will tell).

Regards,
JK






--

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

 



