ietf-asrg

Re: [Asrg] "worm spam" and SPF

2004-11-28 22:54:21
Absolutely, and that's precisely why SPF (like the other equally braindead 
certification/identification schemes) is a non-solution for this problem.  
Virus/worm authors can (literally overnight) shift to using the real E-mail 
address belonging to the person whose machine they've infected, and just as 
quickly all their worm/spam messages will fly through SPF (and similar) 
domain-certification checks.  :-(  So we would have spent YEARS arguing over 
and maybe finally agreeing on and implementing something that literally 
overnight is rendered useless.  (And you know, the spammers love to get the 
last laugh like that, making everyone else look like the clueless idiots they 
are).

The reason that various forms of malware started using the tactic of 
using randomly-found addresses inserted into FROM: headers in the 
first place was to make it much more difficult to track down the 
infected user/host and/or shutdown/disconnect the infected machine.  

Well, except that it isn't.  All the headers post-insertion presumably point 
back at the (really) infected machine, or at least to the machine that first 
accepted the bogus mail.

But the traceback, ultimately, isn't all that critical.  The important thing is 
simply that the spam not be delivered to anybody, or that if it IS delivered 
it's simply not effective.

If malware reversed course in that regard, it would instantly become 
vastly easier for anyone to locate/shutdown infected machines again - 
even for tech-illiterate people.  So I think that tactic shift on the 
part of malware authors would be self-limiting.

I agree to the extent that ultimately the spammers are going to be put on the 
defensive, but meanwhile, SPF and the like is NOT the way to solve the 
spam/worm/virus problem.  Other approaches are FAR more effective, better 
controlled, more targeted, less expensive, faster, and with less deleterious 
side-effects that harm legitimate mail and legitimate senders.

Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support free and fair US elections!  http://stickers.defend-democracy.org
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

