I find item #1 humorous, "unscrupulous companies". Ever shopped with
Amazon.com? They sell addresses, but yet have a high amount of consumer
trust.
In response to item 3, the idea of the disposable address is for the
server to dispose of the mail and not respond. The server would forward
the mail to a dead-end account.
Curtis
At 2:02 PM -0400 10/2/03, Yakov Shafranovich wrote:
This document gives instructions for implementing a mail system
that will reduce the amount of SPAM received by the end users. The
instructions specify disposable and single-purpose mailboxes that
will allow for the source of SPAM to be easily identified.
I'll confess, I haven't read it. But from the description I have
several comments.
1. I've been using per-domain addresses for several years (e.g.
username+webdomain(_at_)somewhere(_dot_)com). I've gotten very confused at
times in registration systems when a company changes it's name, but I
have never received spam to any of them. Guess I don't give my
address to unscrupulous companies.
That said, I full expect to get spam eventually. It happened to one of
my older addresses. One of the companies I gave it to went out of
business and sold their address list. Which leads me to #2.
2. So I know who sold my address. What does that gain me? It
certainly doesn't stop the spam. It doesn't even tell you who has the
address now.
3. Spreading lots of different email addresses around is a bad idea.
The fact that you know you can reject them really doesn't help. As we
speak, my mail server is eating up 8-16KBs of bandwidth right now doing
nothing but rejecting email sent to non-existent addresses. Yesterday
some idiot on Level3's network tried to connect to our mail server
500,000 times. You do *not* want that happening to your mail server.
Increasing the number of throwaway addresses simply
increases the bandwidth costs of spam.
4. I gather from other comments that the technique uses wildcard
addresses. I tried that just the other day. I figured I'd set up a
wildcard address for somewhere.com that pointed to Versign's
"service". I thought maybe they'd enjoy all the traffic from people
attempting to ftp to ftp.somewhere.com, or spam smtp.somewhere.com, and
so on. Three pieces of software in my network broke in the next two
days and I gave up and got rid of it.
--
Kee Hinckley
http://www.messagefire.com/ Next Generation Spam Defense
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to
accept responsibility for their own actions, or that they are so eager
to regulate everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg