On Mon, 02 Dec 2002 14:33:16 PST, "Hallam-Baker, Phillip" said:
If the spammer wants to perform custom operations for each
constituency they want to spam.
No - you need a single custom cert/identity for each spamming run of several
million. Unless you were *really* intending to cross-check the 3,000
spams they dropped on the IETF lists against the ones they sent to
yahoo.com's mailers, and the ones to AOL, and the ones to MSN, etc etc..
The worst part is that they would then present the *same* credentials to
the main IETF list and all the working groups. This ends up leveraging one
of the strong points of digital signatures - if a signature is "well known"
because it's seen widely, it gets taken more seriously. And there's no really
good way to tune this - I'm sure I post more to IETF lists than most spammers
do, so you can't even say "if they post more than X/day they're spammers"....
I don't think they do, they have to be able to spam millions
of people at a time or the response rate is simply too low.
Reported response rates are in the thousandths of a percent,
so spamming the entire IETF gets less than a tenth of a customer.
But they got a tenth of a customer for *ONE* piece of outbound mail.
Which is an extraordinary response rate.
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
pgpjCVGIbhmZC.pgp
Description: PGP signature