
Re: [Asrg] Re: SPF abused by spammers

2004-09-10 07:35:16
On Fri, Sep 10, 2004 at 01:57:54PM +0100, Peter Bowyer wrote:
> OK, so you know those domains belong to spammers. If you receive mail
> apparently from one of those domains which passes SPF, you *know*
> you've received a spam. Thanks, spammer, for confirming your identity
> and making it easy for us.

So what? As I wrote, it is peanuts for them to allocate their domains out
of a pool as big as they want it to be. With 4 digits + 2 chars you can
create about 6.5 million different domains. Burning 100 of them each day
costs them 500 dollars, probably less, and they can burn 100 a day for
about 178 years. Add two more digits and you can burn 1000 a day for the
same period.

How fast will the domain blacklists adapt? Do they have a 10-minute
window? This is kewl, so they only need to burn 144 domains a day if they
use each one for only 10 minutes and never ever again.
It takes only 5 minutes to add new spammer domains to the blacklists?
No problem, they use 288 domains each day, each for 5 minutes.
With 4 digits and 2 chars to randomize they can "work" for 60 years
burning 300 domains a day.

This is all simple math. And please don't provide solutions like
"then we'll block all domains with the pattern"
    *[a-z][a-z][0-9][0-9][0-9][0-9]*
because there are 15 different combinations of 2c and 4d.
And sorry, if I want to add all this to blocklists I can do it right now;
I don't need SPF for that. Blocking according to this pattern will also
hit a lot of innocent domains.

Get it: SPF doesn't help in *any* way to block spam in significant numbers.
It is a matter of simple math to prove it.

        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
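The arithmetic in the post above (pool size, blocklist reaction window, burn rate, and the 15 letter/digit layouts) as an added Python example; this is not code from the post or the list. It computes exact values where the post rounds, and the domain labels it checks are constructed samples.

```python
import re
from itertools import combinations
from math import comb

MINUTES_PER_DAY = 24 * 60
DAYS_PER_YEAR = 365


def pool_size(letters: int, digits: int) -> int:
    """Distinct names built from `letters` [a-z] characters and `digits` [0-9] characters."""
    return 26 ** letters * 10 ** digits


def domains_needed_per_day(blocklist_delay_minutes: int) -> int:
    """Domains burned per day if each one is used for a single blocklist-reaction window."""
    return MINUTES_PER_DAY // blocklist_delay_minutes


def pool_lifetime_years(pool: int, per_day: int) -> float:
    """Years until a pool is exhausted at a fixed burn rate (365-day years, no reuse)."""
    return pool / per_day / DAYS_PER_YEAR


def layout_patterns(letters: int, digits: int) -> list[str]:
    """Every regex that places `letters` letter cells among letters+digits positions.

    The post's single pattern is one of these; for 2 letters and 4 digits there are C(6,2) == 15.
    """
    length = letters + digits
    patterns = []
    for letter_positions in combinations(range(length), letters):
        cells = ["[0-9]"] * length
        for pos in letter_positions:
            cells[pos] = "[a-z]"
        patterns.append("".join(cells))
    assert len(patterns) == comb(length, letters)
    return patterns


def matches_any_layout(label: str, patterns: list[str]) -> bool:
    """True if the label contains a run hit by any layout, as a pattern-based block rule would."""
    return any(re.search(p, label) for p in patterns)


if __name__ == "__main__":
    pool = pool_size(2, 4)
    print(f"pool of 2 letters + 4 digits: {pool:,} names")
    for delay in (10, 5):
        per_day = domains_needed_per_day(delay)
        print(f"{delay}-minute blocklist window -> {per_day} domains/day, "
              f"pool lasts {pool_lifetime_years(pool, per_day):.1f} years")
    pats = layout_patterns(2, 4)
    # Constructed labels: a throwaway-looking name and an ordinary hostname both
    # match, which is the post's objection that pattern blocking hits innocent domains.
    for label in ("xq4821", "mx200401", "example"):
        print(label, matches_any_layout(label, pats))
```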