On Tue, 30 Jan 2007, Barry Shein wrote:
> I was thinking of something like this (sketchy outline, any use of
> "spam" is simply short-hand for "Insert Better Term"):
>
> Spam (definition) currently comprises over 90% (cite) of email
> traffic.
>
> The enabling technology for the vast majority of spam is botnets
> (description.)
>
> Botnets are particularly problematic because:
>
> a) They allow spammers to command far more resources for sending
> spam than the underlying business activity could ever fund; the
> resources used are all stolen. Literally hundreds of millions of
> copies of a message can be sent out for little or no cost to the
> spammer.
>
> b) They allow for address mobility; spam sources can shift between
> thousands of purloined computers rapidly thus defeating
> identification of the source of the spam for the purpose of blocking
> or, where warranted, criminal investigation.
>
> c) They are a fundamentally criminal enterprise relying on the
> injection and exploitation of malicious software into victim
> computers.
>
> ...

Isn't the solution to decline ALL mail from obvious pool addresses? I hear
the argument that you can't put pool addresses in a DNSBL because next
week the bot will have a different address. So put the whole pool in the
DNSBL. Again, I hear the argument that a legitimate MTA may get the
address next. In our tests last year we didn't find any legitimate
correspondents (to us) behind pool addresses. I hesitate to say so, but
isn't much of the noise from critics of blocking pool addresses from
self-styled political revolutionaries and paedophiles who (mistakenly)
think that the FBI won't read mail if it doesn't travel through the ISP
MTA? As for the operators who claim that their ISP MTA is slow, can't
that handful of malcontents just get another smarthost? (see
http://www.nber.org/sys-admin/smarthost.html) I'd be willing to do
without their messages in the meantime.

Looking at my after-Spamhaus connecting MTAs, virtually all are pool
addresses, or no reverse name lookup. Do other MTAs get legitimate mail
from pool addresses? Spamhaus has just last week started to offer a
listing of dynamic addresses, but it is only mildly effective so far. But
so far no FPs, either.
Daniel Feenberg
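
Added example (not part of the original message or of any list member's code): a sketch of the connect-time policy discussed above, sorting a connecting client into pool, no reverse name, or ok from its IPv4 address and PTR name. The token list, the embedded-octet heuristic, the function names, the reply text and the sample connections are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed token list (not from the thread): words ISPs often put in the
# reverse names of dynamically assigned customer addresses.
POOL_TOKEN = re.compile(
    r"(?<![a-z])(dyn|dynamic|dhcp|pool|ppp|dsl|adsl|cable|dialup)(?![a-z])")

def embeds_ip(ip, name):
    """True if the name carries the four IPv4 octets, forward or reversed."""
    octets = [int(o) for o in ip.split(".")]
    runs = [int(r) for r in re.findall(r"\d+", name)]
    return any(runs[i:i + 4] in (octets, octets[::-1])
               for i in range(len(runs) - 3))

def classify(ip, ptr):
    """Return 'no-rdns', 'pool' or 'ok' for one connecting client."""
    if not ptr:
        return "no-rdns"
    name = ptr.lower().rstrip(".")
    # A generic token only counts when the name is also numbered.
    if embeds_ip(ip, name) or (POOL_TOKEN.search(name) and re.search(r"\d", name)):
        return "pool"
    return "ok"

def smtp_reply(ip, ptr):
    """Connect-time policy: decline pool and no-reverse clients."""
    verdict = classify(ip, ptr)
    if verdict == "ok":
        return "220 ready"
    return "554 5.7.1 %s client %s refused; relay via your ISP smarthost" % (verdict, ip)

# Constructed sample connections (documentation address ranges, made-up names).
SAMPLES = [
    ("192.0.2.10", "mail.example.org"),
    ("198.51.100.77", "198-51-100-77.dyn.example.net"),
    ("203.0.113.5", "5.113.0.203.pool.isp.example"),
    ("203.0.113.9", "dsl-host9.isp.example."),
    ("192.0.2.25", None),
    ("192.0.2.26", "mx2.example.com"),
]

def tally(samples):
    """Count verdicts, e.g. to estimate how much traffic the policy declines."""
    return Counter(classify(ip, ptr) for ip, ptr in samples)

if __name__ == "__main__":
    for ip, ptr in SAMPLES:
        print(ip, ptr, "->", smtp_reply(ip, ptr))
    print(dict(tally(SAMPLES)))
```

Running the tally over a day of real connection logs before enforcing the policy gives a local false-positive estimate comparable to the test described in the message.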