
Re: [Asrg] We got some stinging criticism

2004-05-12 21:50:07

On Wed, 12 May 2004, der Mouse wrote:

The Internet community was told spam was beneath the IETF for eight
years, then we were told that it was a long term research problem and
only after SPF or CallerID looked like succeeding without IETF
endorsement did anything happen.

You appear to think that someone is going to be able to impose
something like SPF or its ilk.  The closest you'll get to this is some
cabal like AOL/Microsoft/Yahoo/etc refusing to talk with anyone who
doesn't - in which case I for one will be quite firmly on the "doesn't"
side; A/M/Y/etc bring a fairly large negative value to my mailbox and I
would love it if they would go away.

Well, I'd love it if everybody stopped using Windows and switched to Linux,
but let's be realistic...

SPF won't stop spam.  CallerID won't stop spam.  All they'll do is make
it a little more traceable, right back to the zombie which handed the
message to its outgoing smarthost - basically what we already have now.

No, neither SPF nor CallerID will have any serious effect on traceability of
spam by IP; they are not designed to do it at all. The only value in
SPF and CallerID and similar proposals is to stop spammers from forging
your own domain (joe-jobs) and banks' and other important companies' domains
(phishing), which might cut a little into criminal spammers' revenue.

It will put a dent in it briefly, which will be trumpeted as a great
success,

Doubt that. The adoption cannot happen so quickly as to allow us to see
any results right away. Additionally, the results are rather small as far
as spam itself is concerned; rather, the results would be that spam filters
would have an easier time picking up phishing scam emails, but out of all
spam, such emails account for < 5% of the total and as such, even though they
do greater damage to people who might fall for them, they will not be seen
in the whole context of the increasing amount of different sorts of spam that
people will continue to see in their mailbox.

Additionally, given even the most optimistic adoption rate of 25% of actively
used domains within 12 months, it gives enough time for spammers to adapt,
as the number of spammers is a LOT smaller (on the scale of 1:100,000) than the
number of mail server operators, and the number of spamware programs is
smaller than the number of mail servers; but more importantly, spamware writers
are quicker to adapt given how much money they get paid by the largest spammers
(they only need to have a couple of large spammers pay them to have enough
monetary incentive to implement a new feature, whereas antispam
software writers need thousands to pay).

a dent which will last just long enough for spamware authors
to update their products to send to smarthost instead of direct to
target MX; new code will roll out and it will be business as usual.

They don't need to do it at all. All they need to do is either to forge
domains that do not have LMAP records (i.e. add code in their spamware
to do a quick search for domains that don't have them before forging something)
or even to enter their own LMAP records using some throw-away domains
(nothing new to spammers; they have good skills at creating throw-away
domains for spammer-advertised websites where lusers actually place orders).

Nothing but action by the providers hosting the zombie armies will stop
spam, and probably even that won't truly _stop_ spam (though if the
large providers were to somehow miraculously get a collective clue and
take effective action, they could reduce it to tolerable levels).

Agree completely.

And as I noted, one way to work on this as part of that is to identify which
IP blocks are used by lusers who are very unlikely to be running a mail
server, i.e. the MTA-MARK proposal or some kind of variant of that that puts
LMAP or like records in IN-ADDR space. Unlike every other LMAP proposal, this
really does have the potential to stop a sizable amount of spam, and it can
happen quickly enough that spammers may not be able to adapt immediately.
As to have a noticeable effect of ever 25%, all that would be needed is that
5 out of the 10 largest DSL/cable providers enter these records, and convincing
5 providers to enter something into DNS is a lot easier and can happen
a LOT quicker than when we wait for the same to happen to 1 million domains.

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net

