ietf-asrg
[Top] [All Lists]

Re: [Asrg] Re: "worm spam" and SPF

2004-12-07 15:37:48
Gordon, apropos your scheme: What happens when a zombie sends the 
infected's email address and his address book to the spammer, so the 
spammer can send spam to the address book 'from' the infected?  Any 
reason not to expect that to happen if your scheme were to become popular?

With my approach, it makes NOT THE SLIGHTEST DIFFERENCE where the E-mail 
address 
is actually posted from.  The key is:

  1)  Who the mail is SUPPOSEDLY from;
  2)  What the recipient EXPECTS mail from that sender to look like.

If the mail doesn't look like it comes from who it claims to come from (i.e. 
the 
way their mail is trusted to look, and habitually looks) then it's treated as 
suspect.

So even if someone finds out who you normally might get mail from, that doesn't 
help the spammer in the slightest, UNLESS he sends mail which LOOKS enough 
"like" the mail you get from that person.  

So, in particular, if you don't get JavaScript or HTML or executable 
attachments 
or ActiveX from that sender, and have those enabled specifically for that 
sender, no worm or virus is STILL going to be able to get anywhere at all by 
forging that sender's E-mail address on infectious mail being sent to you.  

BTW, no response to my previous post/email? See the difference?  Your 
statements didn't actually apply to CSV.

Nor, in fact, did CSV apparently apply to what *I* was talking about, either.  
:-)

I haven't paid all that much attention to that approach;  but of the things 
I've 
been seeing discussed, I haven't seen *anything* that has anything near the 
quick and reliable payback that my concept gives, the ease of installation, and 
with the negligible impact that my approach gives for legitimate users.

Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support free and fair US elections!  http://stickers.defend-democracy.org
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg