ietf-mxcomp

RE: Adoption of MARID, SPF and alternatives and thoughts on cost

2004-05-13 23:48:38

Roy Badami wrote:
I think that LMAP will certainly stop spam in the short term,
in the same way that checking the domain of the MAIL FROM
resolved was quite effective for a while.  Then spammers adapted,
[...]

Neil Brown wrote:
If LMAP is only to be a short term measure, then it isn't worth
the effort.

By that reasoning nothing is worth the effort. You are trying to design
a silver bullet; we already have acknowledged that there was no such
thing. MARID/LMAP/SPF etc are to become one out of 20 or 30 items in
mail handling. Look back at the recent past: there was a time when RBL
lists were the solution. Then the spammers adapted. Then came Bayesian
filters and many people touted them as "the" solution. Then the spammers
adapted. MARID is not going to be the silver bullet that will stop spam.
MARID will stop 20% of spam in the beginning and 5% in the end. 

Try to become the spammer: if you had half a brain, would you today use
an open relay listed on spamhaus to spam? Of course not. The same thing
will happen to MARID tomorrow. Timing is everything; currently my
problem is not bozos that use open relays that have been in an RBL for 6
months; they have not adapted and they will die.

Spam sending and spam fighting are like the TCP sliding window: when the
lower sequence has been acked, the bottom of the window closes but the
top opens. The old story of the shield and the weapon; you are talking
about long-term gains like you already have the nuke that could end the
war. You don't have it. And anyway, sometime after you built the nuke,
the sworn enemy has collapsed and you finally feel safe, someone invents
terrorism. The end is not in sight.
 

Roy Badami wrote:
Sender address verification (callback verification) is currently
quite an effective measure, though spammers are adapting and
becoming more inclined to send from valid addresses that don't
belong to them.
LMAP will have a similar window where it is useful by itself;
once LMAP starts to be widely adopted, spammers will start to
adapt and publish LMAP records, and we'll have to move on to
reputation services.

Neil Brown wrote:
"move on" ?? -- let's get it right the first time
"reputation services"?? --  no thanks, too centralised.

I agree with Roy here. Until you can produce the silver bullet that most
reasonable people agree we would have found by now if it existed,
reputation services are going to be used. I am not making predictions on
how good or successful they will be, but we'll collectively give them a
shot, and I suspect they'll end up being one of the 25 check boxes one
will have to check in a while.


Roy Badami wrote:
Still, there's a window when LMAP alone will be useful, and I
think that's what's driving a lot of the early adopters. By
the time LMAP becomes mainstream (and probably by the time
this WG produces a spec) that window will already be starting
to close, with significant numbers of spammers publishing
LMAP records...

I'm afraid I have to agree with this too :-( spammers are registering
domains by the truckload just as contingency plans.

Michel.