ietf-asrg

Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review

2009-05-27 14:22:17
http://amir.herzberg.googlepages.com/somerecentpapers.
I've marked a number of snippets [...]

I'm basing my comments here on Alessandro's responses; I don't have the
time and patience at the moment to grind through converting a PDF
(which is what this appears to be discussing) into something readable.

extremely low-cost, especially when sending "bulk" mail

(formally incorrect, the cost doesn't usually decrease with scale)

Hm?  You think it costs a thousand times as much to run a mail system
sending 50,000,000 messages a month as it does to run a mail system
sending 50,000 messages a month?

I find that..questionable.

there are different definitions of spam; we use the term spam to
refer to [UBE]

(This also includes "legal" advertising, [...])

Certainly.  So?

When choosing an ISP for connecting a mail server, would you
recommend to consider how do they arrange for rDNS and whois?

Certainly, if they care about rDNS and whois.  (I would hope anyone
interested in following best practices would care about each.  I've
seen things like "nobody cares about rDNS these days" said; in my
admittedly limited experience, clue level correlates remarkably well
with not sharing such points of view.)

(should note that DNSBL are not authoritative/hierarchical)

In what sense are DNSBLs not authoritative?

claiming to be an outgoing MTA of a.com

(formally incorrect, SMTP doesn't allow a sender to say whose domain
it belongs to --again, unless using VHLO)

I think this is wrong, actually; even as far back as HELO, never mind
EHLO, the sender is required to identify itself, thereby indicating a
domain it belongs to.  (That next to nobody pays attention to HELO/EHLO
arguments is a separate issue.)  To what extent "I belong to
example.com" from an SMTP client is equivalent to "I'm an outgoing MTA
of example.com" is debatable, especially in cases where the EHLO
argument is something like pool18-host422.provider.net....

"fake bounces" are sometimes referred to as "Joe-job attack"

("backscatter" is also a frequently used term)

It's not clear from the context available to me whether "fake bounces"
in the original refers to mail forged to look like bounces, or bounces
of forged mail.  Neither one is what I understand a joe-job to be: my
understanding of a joe-job is the attacker forging the victim's domain
into from fields, either envelope or header.  The bounces resulting
from sending joe-job mail to nonworking addresses are the second kind
of "fake bounces", but a joe-job is not the same thing as the fallout
from a joe-job.  (My understanding of "backscatter" is that it refers
to the second kind of "fake bounces".  I've also heard/seen it called
"blowback", though I'm not sure how reasonable that is compared to
other uses of the word.)

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse(_at_)rodents-montreal(_dot_)org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
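
An added example, not part of the original message: one way a receiving server could compare the HELO/EHLO argument with the MAIL FROM domain, the relationship the reply above calls debatable. The function names, category labels, the pool-name regex and the sample sessions are assumptions constructed for illustration.

```python
import re

# Heuristic (an assumption, not a standard): a first label such as
# pool18-host422 or dsl-10-0-0-1 suggests an ISP address-pool name.
GENERIC_LABEL = re.compile(r"(?:^|-)(pool|host|dyn|dsl|dhcp|ppp|cable)[-\d]*\d", re.I)

def parse_client_commands(lines):
    """Return (helo_name, mail_from_domain) from the client side of an SMTP session."""
    helo = mail_domain = None
    for line in lines:
        m = re.match(r"(?:HELO|EHLO)\s+(\S+)", line, re.I)
        if m:
            helo = m.group(1).rstrip(".").lower()
            continue
        m = re.match(r"MAIL\s+FROM:\s*<([^>]*)>", line, re.I)
        if m:
            addr = m.group(1)
            # The null reverse-path <> (used by bounces) carries no domain.
            mail_domain = addr.rsplit("@", 1)[1].lower() if "@" in addr else ""
    return helo, mail_domain

def classify(lines):
    """Describe how the HELO/EHLO name relates to the envelope sender domain."""
    helo, mail_domain = parse_client_commands(lines)
    if helo is None:
        return "no-helo"
    if helo.startswith("["):
        return "address-literal"          # e.g. EHLO [192.0.2.10]
    if GENERIC_LABEL.search(helo.split(".")[0]):
        return "generic-pool-name"        # identifies a provider, not a mail domain
    if not mail_domain:
        return "no-mail-domain"           # null reverse-path or MAIL not seen
    if helo == mail_domain or helo.endswith("." + mail_domain):
        return "helo-within-mail-domain"
    return "helo-unrelated-to-mail-domain"

# Constructed sample sessions (client commands only).
SESSIONS = {
    "pool": ["EHLO pool18-host422.provider.net", "MAIL FROM:<alice@example.com>"],
    "aligned": ["EHLO mx1.example.com", "MAIL FROM:<alice@example.com>"],
    "other": ["HELO mail.example.org", "MAIL FROM:<alice@example.com>"],
    "bounce": ["EHLO mx1.example.com", "MAIL FROM:<>"],
}

if __name__ == "__main__":
    for name, session in SESSIONS.items():
        print(name, "->", classify(session))
```

None of these categories proves or disproves that the client is an outgoing MTA of the envelope domain; they only make explicit what the HELO/EHLO argument does and does not say.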
