Fridrik Skulason wrote:
What it seems to me now, is that this proposal is not meant to be by
itself, it rather addresses only certain points and tricks that spammers
use. But cutting away the ability to joe-job a site unless you want to
send all of your messages as identical, would definitely help somewhat.
But it doesn't even do that - a "replay" does not have to involve just
a single message, but rather a large number of similar messages.
Consider this scenario:
A spammer gets an account at yahoo.com and sends (to some throwaway.com
address) a few thousand almost identical messages, each of which gets
properly signed by Yahoo.
Then throwaway.com starts spamming those messages, with Yahoo's
signature, and the headers faked to make it look like the message
comes from Yahoo ... sure, the IP number does not belong to Yahoo,
but unless you have something like LMAP you are out of luck in that
respect.
Of course the spammer takes certain precautions, such as not sending
the same variant of the message twice to the same domain - thus
trying to reduce the chance of anyone noticing two *identical*
messages.
Or am I missing something?
A distributed spam detection system such as DCC
(http://www.rhyolite.com/anti-spam/dcc/) works across multiple domains.
Therefore if the spammer sends an identical message to more than one
domain, it can be detected.
In any case we will have to wait until they release their full
specifications.
Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Some lies are easier to believe than the truth" (Dune)
-------
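
The cross-domain counting point in the reply above, as an added example that is not part of the original message: a simplified model (not DCC's actual checksums or protocol) comparing per-domain duplicate counting with a shared counter for the replay scenario in which no variant reaches the same domain twice. The function names, threshold and `rcpt*.example` domains are constructed for illustration.

```python
import hashlib
from collections import Counter


def checksum(body):
    # Canonicalize case and whitespace so trivial reformatting does not
    # change the checksum (assumption: a real system uses fuzzier checksums).
    canon = " ".join(body.lower().split())
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def bulk_checksums(deliveries, threshold, shared):
    """Return the body checksums seen at least `threshold` times.

    shared=False: every receiving domain counts only its own mail.
    shared=True:  all domains report to one common counter.
    """
    counts = Counter()
    for domain, body in deliveries:
        digest = checksum(body)
        counts[digest if shared else (domain, digest)] += 1
    return {
        (key if shared else key[1])
        for key, seen in counts.items()
        if seen >= threshold
    }


def constructed_campaign(variants=4, domains=8):
    # Constructed sample data: each signed variant is replayed to every
    # domain exactly once, so no domain ever sees two identical messages.
    return [
        (f"rcpt{d}.example", f"Signed offer, variant {v}: limited time")
        for d in range(domains)
        for v in range(variants)
    ]


THRESHOLD = 5  # hypothetical "bulk" threshold
DELIVERIES = constructed_campaign()
LOCAL = bulk_checksums(DELIVERIES, THRESHOLD, shared=False)
SHARED = bulk_checksums(DELIVERIES, THRESHOLD, shared=True)

if __name__ == "__main__":
    print("flagged by per-domain counting:", len(LOCAL))
    print("flagged by shared counting:   ", len(SHARED))
```

The shared counter only catches variants that are reused across domains; a replay that sends a distinct signed variant to every domain would still count as one each.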