ietf

Re: spam

2003-05-30 07:18:18
From: Graham Klyne <GK(_at_)ninebynine(_dot_)org>

...
It is an article of faith for many people that most spam involves
header forgery, but no one seems to have better support than intuition
for that faith.

This comment prompted me to do a little experimentation.  I keep all my 
spam (except the large ones that I don't bother to download), mostly unread.

It's not scientific, or very statistically significant, but I examined the 
last 20 spam mails I received, and note that:
...

This little experiment suggests to me that header forgery is a significant 
factor in spam -- I estimate about 50% of the sample I examined.

...
I don't claim all this proves anything, but I think I have cause to believe 
forgery of email headers is involved in a significant portion of the spam I 
receive.

The main thing your experiment proves is the compelling nature of the
article of faith.  You actually found 15% were forged, 35% might have
been, and concluded that probably 50% were.  Please understand that
I do not mean to suggest less than 50% of your sample was forged or
that forgery is not significant.  My point is that in fact you have
only what sounds like weak ("pretty sure") evidence for only the 15%.

When designing things, the first and most important requirement is
keeping track of what you know, what you suspect, and what you don't
know.  Someone I worked for 25 years ago was fond of saying "what you
don't know can hurt, but what you know that ain't so can kill you."
Many spam solutions are based on the religious belief that most spam
is and must remain "forged."  Even if the first half of that religion
is true, the second half is plainly false.  Forgery is not required,
and spam solutions that stop forgery will only cause spammers that
now forge to use other tactics like registering hundreds of domain
names such as addadomainforyoutomail.com, addthisonetoo.com,
atepaintchips.com, chairwithfingersattached.com, and downinone.net.
(My notes list more than 270 other fairly recent domains of that porn
spammer.)

Why do so many spam "solutions" address only forgery?  I think there
are two main reasons.  Stopping forgery seems far easier than stopping
spam.  More important is that admitting forgery is not part of a
significant fraction of spam (your other 50%) and not a required part
of spam in general requires admitting that the spam problem exists
only because many of our own ISPs do not care enough about spam to
punish our fellow spamming customers.  Many ISPs are like UUNET/MCI,
which always dealt with spam with more wishful thinking and even bald
faced lies than its finances.  (People here may have missed the years
of obviously false statements from the UUnet abuse department spokesmen
in news.admin.net-abuse.email.  I hope bland claims of the impossibility
of examining RADIUS logs to find a reseller to hold responsible or
the technical impossibility of packet sniffers on fiber would have
been laughed out of the IETF.)

The spam problem is in a state like the dot-com stock bubble before
that collapse.  Neither problem could or can be addressed anywhere
that hype and wishful thinking are preferred to facing facts.

The IETF will design SMTPng and the world will replace SMTP with SMTPng
in fewer than 10 or 20 years, and the proof of that is HTTP needed 5
years to reach critical mass without any significant competition and
in a trivially tiny network compared to the Internet of today?
http://www.w3.org/History.html


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com


