At 2:02 PM -0400 10/2/03, Yakov Shafranovich wrote:
This document gives instructions for implementing a mail system that
will reduce the amount of SPAM received by the end users. The
instructions specify disposable and single-purpose mailboxes that
will allow for the source of SPAM to be easily identified.
I'll confess, I haven't read it. But from the description I have
several comments.
1. I've been using per-domain addresses for several years (e.g.
username+webdomain(_at_)somewhere(_dot_)com). I've gotten very confused at
times in registration systems when a company changes it's name, but I
have never received spam to any of them. Guess I don't give my
address to unscrupulous companies.
That said, I full expect to get spam eventually. It happened to one
of my older addresses. One of the companies I gave it to went out of
business and sold their address list. Which leads me to #2.
2. So I know who sold my address. What does that gain me? It
certainly doesn't stop the spam. It doesn't even tell you who has
the address now.
3. Spreading lots of different email addresses around is a bad idea.
The fact that you know you can reject them really doesn't help. As
we speak, my mail server is eating up 8-16KBs of bandwidth right now
doing nothing but rejecting email sent to non-existent addresses.
Yesterday some idiot on Level3's network tried to connect to our mail
server 500,000 times. You do *not* want that happening to your mail
server. Increasing the number of throwaway addresses simply
increases the bandwidth costs of spam.
4. I gather from other comments that the technique uses wildcard
addresses. I tried that just the other day. I figured I'd set up a
wildcard address for somewhere.com that pointed to Versign's
"service". I thought maybe they'd enjoy all the traffic from people
attempting to ftp to ftp.somewhere.com, or spam smtp.somewhere.com,
and so on. Three pieces of software in my network broke in the next
two days and I gave up and got rid of it.
--
Kee Hinckley
http://www.messagefire.com/ Next Generation Spam Defense
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg