ietf
[Top] [All Lists]

Re: filtering of mailing lists and NATs

2001-05-22 15:10:02
From: grenville armitage <gja(_at_)UREACH(_dot_)COM>

...
Who knows. I suspect it would be a *vastly* long time before the
ratio of 'blocked mailing list' to 'personal email addresses' becomes
so high that spammers will special-case their code just to target
mailing lists. Today mailing lists are accidental inclusions on spammer
master target lists.

That last is clearly false for much of the spam that hits IETF lists.  At
least some spammers evidently already understand that one message through
a working and large list will hit a lot of valid addresses, often very
well "targeted" addresses.  Besides, mailing list traffic tends to be
"white listed" and so bypass individual spam filters.


                     They already deal with email addresses that get
stale and bounce,

Serious spammer do not care about stale or bouncing addresses.  That's
demonstrated by the "dictionary attack" spammers who have lists of 100's
to 1000's of user names that they try at every domain they hit.  If you
have a vanity domain, then watching for dictionary attack bounces and they
wiring those addresses to automated body filters can be very effective
measured in low false positives and false negatives.

                  the trick is to convince them our mailing list address
is similarly 'stale'. This *is* social engineering, by us, of them,
using technology.

That assumes that that spammers prune their lists.  However, they clearly
do not.  My best body spam trap address today is a misspelling of my
username that first started getting hit several years ago, and that has
*never* been valid, and bounced for years until I recently wired it to
body filters.  The mispelling was apparently a harvesting software bug,
because many other people reported seeing equivalent bad addreses.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com