spf-discuss

Re: AOL Spam down 27%

2004-03-25 15:00:29

On Thursday 25 March 2004 13:59, Brian Candler wrote:
> It's very unlikely that you'll see a significant decrease in joe-jobs in
> the short to medium term, since the vast majority of MTAs will ignore your
> SPF records.

Well at the moment 90% of them are from postmaster(_at_)AOL(_dot_)com, and we 
know AOL is adopting SPF, so I'm hoping that my adding an SPF filter will 
tell AOL to reject the spammer's emails at once, and not to bother sending a 
bounce message to me - your mileage may vary, but I think SPF may well work 
for me for this spammer.

> > (last year I wrote a script that
> > traced the source IP of the original email and complained to the abuse
> > department of the appropriate ISP, but after 25,000 complaints led to
> > only about 10 replies, and the spammer started forging headers, I gave up
> > on it).
>
> And SPF won't help with forged headers one jot.

Didn't say it did - depending on the bouncer to include the headers is pretty 
weak too, just pointing out that reporting abuse was a response I tried and 
invested some serious effort into, but it achieved bugger all for me.

> Unlike a telephone call, a TCP connection is free, apart from a few bytes
> of memory used for a socket data structure. With 512MB DIMMs at about £50
> in the UK at the moment, it's not an issue. If they are connecting to
> different destinations, then the 16-bit limit on TCP source port numbers is
> not an issue either.

Well, not really true... the tarpit means that they're encouraged to send all 
the mail and then given a soft deny... so given how much of the spam comes 
from infected DSL/cable machines that may have 500kbit/sec download, but only 
a fraction of that for upload, and lots of them are crap Win9x machines 
(easier to infect, but not much memory, poor network stack, very poor 
threading performance etc.) then I think that if we could get more people 
doing tarpitting then we can change the economics.
Spammers don't pay for RAM, the current crop hope to infect 5,000 machines, 
and then when they call them in, they hope to find maybe 2,000 of those 
currently online and available to send DSPAM. If we can make 10% of those 
emails take 10x longer to send, then we've just halved that spammer's 
effectiveness and doubled his costs.

> My suggestion would be to choose a solution which fits the problem. If your
> problem is that you receive lots of joe-job bounces, the solution is to use
> SRS-style sender cookies in the envelope of your outgoing mail, as
> documented on this list. It's an instant solution which doesn't require
> cooperation of anyone else on the Internet.

Well that does nothing for me - I can recognise the bounces as they're 
addressed to non-existent users (it's a vanity domain, the spammer is 
inventing usernames), but the fact is that I'm still being maligned - every 
now and then I get a nasty email to postmaster from someone insisting that I 
stop spamming him - I don't like people claiming to be me.

> I am only just catching up on SRS/SPF mail after being away for several
> weeks, but I think I now know enough to know that it's not worth pursuing.

Maybe for you, but it is for me....

> I am all in favour of modifying E-mail in such a way as to make spammers'
> lives difficult, but SPF is not the way to go. In essence my conclusions
> are:

I'm snipping your points not because I don't agree, because on many of them I 
do, but I'm not an ISP selling accounts - I'm a vanity domain and I believe 
that a wholesale fix to email will not happen either, we work instead by 
patching the holes one-by-one until spamming becomes uneconomic. YMMV, and 
probably will, I'm not saying this is the answer for you, but for me it's 
something I can do, now, that does something.

> If you've read this far - thanks, and thanks for providing an interesting
> discussion for me to read. Time for me to sign off now though; the volume
> of mail on this list is too much for me to deal with in addition to my spam
> and viruses :-)

I did, and I welcome your discussion, even where I disagree. I'd rather be in 
a forum where people disagree on "what can be done" than in one where people 
discuss "why nothing can be done"... so thanks for your points.

Cheers

--
Tim
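
The SRS-style sender cookie suggested in the quoted text above for recognising joe-job bounces, as an added example that is not part of the original thread. The address layout (`local=stamp=mac@domain`), the key, the 7-day window and all function names are assumptions made for illustration; this is not the SRS specification.

```python
import base64
import hashlib
import hmac

# Assumptions for this sketch (constructed, not the SRS specification):
SECRET = b"constructed-demo-key"   # per-domain signing key
MAX_AGE_DAYS = 7                   # how long a bounce is still accepted
DAY_MOD = 1024                     # day counter wraps, keeping the stamp short
ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"

def _stamp(day: int) -> str:
    """Encode the day counter modulo DAY_MOD as two base32 characters."""
    d = day % DAY_MOD
    return ALPHABET[d >> 5] + ALPHABET[d & 31]

def _mac(local: str, domain: str, stamp: str) -> str:
    """Truncated HMAC over the stamp and the lower-cased address."""
    msg = f"{stamp}={local}@{domain}".lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return base64.b32encode(digest)[:6].decode().lower()

def sign_sender(local: str, domain: str, day: int) -> str:
    """Build the envelope sender (MAIL FROM) for outgoing mail."""
    stamp = _stamp(day)
    return f"{local}={stamp}={_mac(local, domain, stamp)}@{domain}"

def bounce_is_ours(rcpt: str, today: int) -> bool:
    """Accept a bounce only if its recipient carries a valid, fresh cookie."""
    addr = rcpt.strip().strip("<>").lower()
    tagged, _, domain = addr.rpartition("@")
    parts = tagged.rsplit("=", 2)
    if len(parts) != 3 or not domain:
        return False                      # no cookie: forged sender (joe-job)
    local, stamp, mac = parts
    if len(stamp) != 2 or any(c not in ALPHABET for c in stamp):
        return False
    if not hmac.compare_digest(mac.encode(), _mac(local, domain, stamp).encode()):
        return False                      # cookie not produced with our key
    day = ALPHABET.index(stamp[0]) * 32 + ALPHABET.index(stamp[1])
    return (today - day) % DAY_MOD <= MAX_AGE_DAYS

if __name__ == "__main__":
    sender = sign_sender("tim", "example.org", day=12500)   # constructed address
    print(sender, bounce_is_ours(sender, today=12503))
    print(bounce_is_ours("invented-user@example.org", today=12503))
```

Bounces whose recipient fails the check can be refused at RCPT time; as the reply above notes, this filters what arrives locally and does not stop third parties from seeing the forged sender.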

