Date: Mon, 21 May 2001 20:21:10 -0700
From: grenville armitage <gja(_at_)ureach(_dot_)com>
Message-ID: <3B09DB26(_dot_)AA6383A4(_at_)ureach(_dot_)com>
| Most spammers strike me as opportunistic and not overly interested
| in special-case-handling a couple of subscribe-to-send lists,
Of course, and as long as they can get to the vast majority of their
target, it will probably remain that way.
But as soon as the spammers need to go to some extra effort to reach
their audience, you can be sure they will.
...
Now we're having suggested that only "known" e-mail addresses be allowed
to send to certain destinations. Assuming that becomes really popular
(rather than just used on a small set of irrelevant lists) how long do you
think it will be before the spammer's lists of names contain not only the
destination address, but the From: address they should use to send to that
address?
A long time, actually. While it is true that spammers will work around anything
that seriously impedes the flow of spam, you have not shown that spam sent to
lists is at all important to spammers. Every indication I see is that lists are
primarily useful to spammers as a source of addresses to send spam to directly,
and less as a target for spamming lots of people indirectly. Indeed, most
spammers that send to lists seem totally uninterested in the fact that they are
sending to a list; it is simply another address they have culled from some sort
of scan.
And while there have been some isolated reports of subscribe-then-send and
send-using-a-subscriber strategies used by spammers, the frequency of their use
appears to be way out of porportion to the number of lists that have
successfully fended off spam by using various subscriber-only techniques.
I mean, how hard do you think it is to stick From: gja(_at_)ureach(_dot_)com
in the heading of the mail?
Actually, maintaining an additional per-list address and keeping that address
up to date is pretty difficult. It is much easier -- and quite effective -- to
simply prowl for addresses that reach users directly.
This is not a technological problem - it is a social problem. We cannot
fix spam by technological means - it has to be fixed by social means.
In general, I agree with this assessment. But that doesn't mean that some point
fixes don't help in some cases.
Ned