ietf-asrg
[Top] [All Lists]

Re: [Asrg] Unique innovations made to anti-spam system

2006-01-23 22:06:58
On Jan 23, 10:42pm, Michael Kaplan wrote:
}
} During the harvesting phase the spammer must do what spammers never
} do: use a real and functional return address. We can speculate about
} how crippling this would be for the spammer.

Not especially crippling.  Spammers already use dozens (sometimes more)
of throwaway domains.  [In fact I believe one of hotmail or yahoo has
plans to use the registration lifetime of a domain as a crude measure of
its reputation.]  A lot of mail can be sent before the volume emanating
from any given domain draws attention.

Further, if an army of zombie spam senders can be organized, so can an
army of bounce collectors.  Use the mailbox of the hijacked PC as the
return address, scan mail as it's downloaded, and snatch the bounces
out of the stream before the user sees them (perhaps by masquerading
as (gasp!) a spam filter).  ISACS subaddresses are the perfect VERPs;
the bounces can be flawlessly identified without looking at the content,
and the address will look perfectly normal to all outside observers.

And hey, that zombie PC is in a trusted domain, so there's no CAPTCHA
to decode.  OK, so that domain doesn't stay trusted forever ... but
there's always another PC somewhere else, hiding behind a POP download
from someplace you don't expect.

} So we will say that it is on the second round that real spam is sent
} and that 95% of this will be filtered.

I'm still nonplussed by that assertion.  I'd like to see some analysis
comparing the costs of having 5% of spam get through, to the costs of
operating ISACS; since you don't propose that ISACS will eliminate any
of the costs of managing the other 95%.

} Almost every commonly used domain is trusted, but this spam is using a
} sub-address that was sent to an untrusted domain

Was it?

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

<Prev in Thread] Current Thread [Next in Thread>