-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Saturday 11 September 2004 02:45 am, Fridrik Skulason wrote:
Actually, it is not quite that simple - this "simple concept" assumes
that the cost will be born by the spammer, but that is just not the case.
Just consider the bot spam distribution networks. Guess who will pay
the extra cost? The spammer or the people actually owning the
compromised machines.
Are you considering the cost of infecting the machines that are capable of
sending spam? What about the cost of maintaining a database of infected
machines, tracking which ones are infected, and managing the machines so
that they do not get detected by the ISP? Do you realize that spammers are
now paying crackers and worm writers for the zombified machines? Isn't that
increasing the cost of spam?
How much more is it going to cost spammers when people no longer receive
email from DSL / Cable modem connected machines unless it gets an SPF PASS?
They will be further limited in the domains they can use, and the
likelihood of someone listing a machine that isn't protected as a valid
sender for a domain that is not a spam domain is vanishingly small. If they
are able to exploit a domain that isn't considered spam (ie, has a good
reputation or has good accreditation), and then begin abusing it, how long
will their abuse last before the reputation becomes negative?
When I say "cost" I mean "cost". Everything the spammer has to do to send a
piece of spam nowadays is a cost. These costs don't have a monetary value
in many cases because they are paid in time, risk of getting caught, cost
in discovering people who wholesale these machines, cost of communicating
and verifying yourself as someone they would like to do business with, and
then the cost of losing these zombies because using them will expose the
zombies or get their subnet listed on blacklists.
- --
Jonathan M. Gardner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFBRff5BFeYcclU5Q0RAtcKAKCZ6rzhcdR87H1EIaYxf+gc34Q74wCdH39B
b7AipySshlH/Gfa18OyjAS8=
=UF88
-----END PGP SIGNATURE-----