ietf-mxcomp
[Top] [All Lists]

RE: Forging (was Re: Differences between CSV and Sender-ID )

2004-07-05 16:13:53

Get rid of forging and you will not reduce spamming at all.

I've been saying that on ASRG for about a year.  This isn't news.

RBL's stop spam from one IP, but the spammer can just move, and spam
again.  Does this mean that RBL's are useless?  Of course not.
Similarly, MARID won't stop spam, but that doesn't mean it's
addressing a trivial problem.  I don't see weekly statements on
anti-spam lists saying "RBL's won't stop spam", but I do see such
statements about MARID.  I don't know why, and I just don't get it.

I get it.  People seem to have this belief that anti-spam tools must fail
from time to time, and any better anti-spam tool is going to do more harm
than good: "The cure is worse than the disease." Totally false, but still so
entrenched in most users' consciousness.  And apparently some designers'
consciousness, too.

It's just as bad with anti-virus.  People have it drilled into their heads by
a clueless media, other clueless people, clueless sysadmins that anti-virus
must fail sometimes.  In fact people buy AV tools with failure _in mind._[1]
I face this daily when I try to recommend Messagelabs' or Avecho's services -
how can you beat a 100% virus detection guarantee?

_DNSBLs are useless_ for stopping spam[2], and this is coming from someone
who operates one!  Baeysian filters are _equally useless._  I've said it
before and I'll say it again: I'm here to obsolete the PDL and all projects
like it.

I'm not saying MARID is the cure to spam.  It's a cure to forgery.  As Alan
pointed out, it's a start for before-the-fact anti-spam.  And as I've pointed
out before, it's the beginning of the end for unaccountable e-mail.

[1] Side story: I've also ranted at length about how I have clients who don't
use anti-virus software but don't get viruses, worms, trojans, spy ware, and
a whole host of other net nasties.  I'm talking about thousands of dollars a
month in savings on cancelled AV subscriptions, reduced computer downtime,
and reduced (if not eliminated) fear of net nasties.  I must be crazy, yes?
To conventional computer security thinkers I must be mad.  Yet the proof is
in the client list.

[2] There, Alan! You've heard it: "RBLs won't stop spam."  If you miss
hearing that, I'll say it once a week in ASRG, here, SPAM-L, and wherever
else you miss hearing it.  :-)

-- 
PGP key (0x0AFA039E): 
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
Sometimes it's hard to tell where the game ends and where reality bites,
er, begins. <http://vmyths.com/resource.cfm?id=50&page=1>