ietf-asrg
[Top] [All Lists]

Re: [Asrg] spam down?

2013-01-30 09:40:22
On 13-01-30 09:27 AM, Dotzero wrote:

I think it depends on what you mean by "relatively little effect".
From my perspective - given the current statof adoption - it may not
have an effect on the overall ecosystem but it is certainly pushing
the bad guys from abusing (sending) domains that are implementing
strong email auth efforts to ones that are not.

If that were true, I wouldn't be seeing millions of paypal, linkedin,
et. al. impersonations a day.  But I do.

Validation is so irrelevant that the spammers impersonate sites when
it's clearly unnecessary.  They use their facebook impersonation
templates to send out pill spam for crissakes.  If validation was making
a difference, the ROI would suffer.  I can only guess it isn't.

The reality is that you don't have to forge the From/sender/helo et. al.
to successfully impersonate any domain.  Especially with the mail
readers oh-so-carefully _not_ showing you the actual email address.

It would be interesting to see (I don't have the data) if there is any
kind of shift from sending spam targeting accounts at mailbox
providers that validate to targeting (preferentially) accounts at
mailbox providers that don't.

Most spoofers are already bypassing validation.  So why would it matter
to them whether the mailbox provider is validating or not?

_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg

<Prev in Thread] Current Thread [Next in Thread>