At 5:05 PM -0700 8/5/03, Hallam-Baker, Phillip wrote:
> > I can imagine groups of kids getting together in IM chat groups
> > and deciding to have some fun "shutting down Microsoft" by having large
> > numbers of people report their machines as a source of spam. The same
> > sort of "community based" attack might be used to shut down the mail
> > servers of the Democratic National Committee or some specific political
> > candidate shortly before an election...
>
> This action is a regular occurrence, not a possibility.
>
> The moveon.org list is regularly blocked for this reason; fortunately it is
> now large enough to be whitelisted in many places but a lot of sysadmins
> with differing political views still block it using the blacklist entries as
> an excuse.
>
> I'll bet that Symantec is on plenty of blacklists because there are people
> who sell pirated Symantec products using spam at prices that are a fraction
> of retail.

Those are 2 very poor examples, given that both organizations have
sent unsolicited bulk email (yes, real live spam) and so are
absolutely reasonable to include on any list of senders of spam.
That they also send a lot of mail to people who have asked for it is
of debatable relevance.

Both are also examples of 'targeting' being a wholly inadequate
substitute for actual affirmative consent. In the specific cases
where I am directly aware of both Symantec and MoveOn spamming, the
targets were perfectly reasonable guesses as to what sort of people
might be interested and open to their solicitations. The targeting
was as good as could be except for the fact that the targets all
wished to not get unrequested solicitations via email.

If it was possible to identify spam reliably by its senders and
content, there would be no need for a research group on spam.
Codifying existing tools could solve the whole problem.
Unfortunately, entities like Symantec, MoveOn, Verisign, and a myriad
of others send identical messages from the same places both to people
who never consented to that mail and people who actively requested
it. Fixing that problem is beyond any strictly technical solution.

--
Bill Cole
bill(_at_)scconsult(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg