spf-discuss

Re: Spam undetectable by SPF (domain reputation) or Bayesian (content)?

2004-09-13 12:41:42

On Saturday 11 September 2004 02:45 am, Fridrik Skulason wrote:

> Actually, it is not quite that simple - this "simple concept" assumes
> that the cost will be borne by the spammer, but that is just not the case.
>
> Just consider the bot spam distribution networks.  Guess who will pay
> the extra cost?  The spammer or the people actually owning the
> compromised machines?


Are you considering the cost of infecting the machines that are capable of 
sending spam? What about the cost of maintaining a database of infected 
machines, tracking which ones are infected, and managing the machines so 
that they do not get detected by the ISP? Do you realize that spammers are 
now paying crackers and worm writers for the zombified machines? Isn't that 
increasing the cost of spam?

How much more is it going to cost spammers when people no longer receive 
email from DSL / Cable modem connected machines unless it gets an SPF PASS? 
They will be further limited in the domains they can use, and the 
likelihood of someone listing a machine that isn't protected as a valid 
sender for a domain that is not a spam domain is vanishingly small. If they 
are able to exploit a domain that isn't considered spam (i.e., has a good 
reputation or has good accreditation), and then begin abusing it, how long 
will their abuse last before the reputation becomes negative?

When I say "cost" I mean "cost". Everything the spammer has to do to send a 
piece of spam nowadays is a cost. These costs don't have a monetary value 
in many cases because they are paid in time, risk of getting caught, cost 
in discovering people who wholesale these machines, cost of communicating 
and verifying yourself as someone they would like to do business with, and 
then the cost of losing these zombies because using them will expose the 
zombies or get their subnet listed on blacklists.

--
Jonathan M. Gardner