Re: spam
2003-05-30 01:13:58
At 09:44 29/05/03 -0600, Vernon Schryver wrote:
> It is an article of faith for many people that most spam involves
> header forgery, but no one seems to have better support than intuition
> for that faith.
This comment prompted me to do a little experimentation. I keep all my
spam (except the large ones that I don't bother to download), mostly unread.
It's not scientific, or very statistically significant, but I examined the
last 20 spam mails I received, and note that:
(a) 3 appear to have been received at my ISP with forged or inconsistent
SMTP envelope information.
(b) 7 have significant inconsistencies between email headers and
received-from trace to make me believe that they are probably forged headers.
(c) 5 have email header information that may or may not be forged -- I
couldn't see enough evidence to make an assessment either way.
(d) 5 have email headers that I believe to be genuine. Of these, 3 come
from what I presume to be throw-away accounts at AOL or hotmail.
My assessments were made initially by comparing the from address with the
received trace, and making a judgement (not always scientifically) about
the relationship between the addresses offered. In some cases, I also
looked to the message content and checked to see if the source address is
DNS-resolvable and/or reachable. Of the "definitely-forged" headers, three
used domain names that are operated by my own ISP, and I'm pretty sure are
not customers of same.
The 20 messages I examined appeared to be broadly typical of the style of
spam I generally receive.
This little experiment suggests to me that header forgery is a significant
factor in spam -- I estimate about 50% of the sample I examined.
And one other data point: in looking at my spam, I discovered two messages
that were not strictly spam, because I had signed up for communications in
the past, but which had been swept into my spam-box in the general
clear-out. I don't currently use automatic filtering, but simply move
unrecognized messages unopened into the spam box. The point of this is
that legitimate email marketing is suffering by failing to be sufficiently
distinct from the unsolicited spam.
I don't claim all this proves anything, but I think I have cause to believe
forgery of email headers is involved in a significant portion of the spam I
receive.
#g
-------------------
Graham Klyne
<GK(_at_)NineByNine(_dot_)org>
PGP: 0FAA 69FF C083 000B A2E9 A131 01B9 1C7A DBCA CB5E
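
The comparison described in the message above (From address against the Received trace), as an added example that is not part of the original post. It assumes the topmost Received line was written by the recipient's own server in the common `from HELO (rDNS [IP])` layout; the function names, sample messages and three verdict labels are constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

# "from <HELO name> (<reverse-DNS name> [<IP>])" as many MTAs write it (assumed layout).
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\(([^\s\[\]()]*)\s*\[([^\]]+)\]", re.I)

def org_domain(host):
    """Last two labels of a host name; crude, ignores suffixes such as co.uk."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else ""

def assess(raw_message):
    """Return 'consistent', 'inconsistent' or 'inconclusive' for one message."""
    msg = email.message_from_string(raw_message)
    from_dom = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    received = msg.get_all("Received", [])
    # Only the topmost Received line was written by the recipient's own server;
    # anything below it could have been supplied by the sender.
    m = RECEIVED_FROM.match(" ".join(received[0].split())) if received else None
    if not m or not from_dom:
        return "inconclusive"
    helo_dom = org_domain(m.group(1))
    rdns_dom = "" if m.group(2).lower() == "unknown" else org_domain(m.group(2))
    if rdns_dom == from_dom:
        return "consistent"      # connecting host belongs to the From domain
    if helo_dom == from_dom and rdns_dom:
        return "inconsistent"    # claimed the From domain, connected from elsewhere
    return "inconclusive"        # e.g. a third-party relay: no evidence either way

def sample(helo, rdns, ip, sender):
    """Build a constructed message with one folded Received header."""
    return (f"Received: from {helo} ({rdns} [{ip}])\n\tby mx.isp.example; "
            f"Fri, 30 May 2003 01:00:00 +0100\nFrom: {sender}\nSubject: test\n\nbody\n")

# Constructed samples using reserved example domains and documentation addresses.
SAMPLES = {
    "own_server": sample("mail.example.org", "mail.example.org", "192.0.2.10",
                         "Alice <alice@example.org>"),
    "claimed_name": sample("example.org", "dsl-7.example.net", "203.0.113.7",
                           "offers@example.org"),
    "third_party": sample("relay.example.net", "relay.example.net", "198.51.100.5",
                          "promo@example.com"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", assess(raw))
```

A verdict of "inconsistent" is a heuristic signal only; mail sent legitimately through a third-party relay lands in "inconclusive", not "consistent".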