On 1/23/06, Bart Schaefer <schaefer(_at_)brasslantern(_dot_)com> wrote:
> On Jan 23, 10:42pm, Michael Kaplan wrote:
> }
> } During the harvesting phase the spammer must do what spammers never
> } do: use a real and functional return address. We can speculate about
> } how crippling this would be for the spammer.
>
> Not especially crippling. Spammers already use dozens (sometimes more)
> of throwaway domains. [In fact I believe one of hotmail or yahoo has
> plans to use the registration lifetime of a domain as a crude measure of
> its reputation.] A lot of mail can be sent before the volume emanating
> from any given domain draws attention.

Spammer domains that exist for the sole purpose of collecting ISACS bounces
by sending out spam with real return addresses would be discovered almost
instantly and could be placed on a blacklist. A spammer will likely need to
register well in excess of a thousand new domains a day to successfully
collect the bounces needed to spam a million ISACS accounts. How expensive
is this? And he still needs to deal with the CAPTCHA.

> Further, if an army of zombie spam senders can be organized, so can an
> army of bounce collectors. Use the mailbox of the hijacked PC as the
> return address, scan mail as it's downloaded, and snatch the bounces
> out of the stream before the user sees them (perhaps by masquerading
> as (gasp!) a spam filter). ISACS subaddresses are the perfect VERPs;
> the bounces can be flawlessly identified without looking at the content,
> and the address will look perfectly normal to all outside observers.
> And hey, that zombie PC is in a trusted domain, so there's no CAPTCHA
> to decode. OK, so that domain doesn't stay trusted forever ... but
> there's always another PC somewhere else, hiding behind a POP download
> from someplace you don't expect.

A single zombie spam sender can send out multiples of thousands of spams a
day. A zombie bounce collector can only spam the small number of people who
correspond with the owner of the hijacked PC. This is unlikely to be enough
spam to take anything but a very small domain off of the trusted domain
list. The owner of the zombie bounce collector PC will soon get a lot of
angry emails; rectifying action will quickly be taken.
Under the current email system zombies that snoop email addresses can exist
for prolonged periods of time without being discovered. Yet even today they
are not perfectly efficient since a number of users actually are able to
conceal their address from spammers. With ISACS these snooping zombies will
be readily discovered, and the damage that they do will be readily repaired
when the compromised sub-addresses are deactivated.
Thank you for your input,
Michael Kaplan
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg