Re: [Asrg] Spammer responses to SPF
Scott Nelson <scott@spamwolf.com> Tue, 17 June 2003 02:42 UTC
Message-Id: <aT5vaIe86J8qbrGpE02@x>
To: asrg@ietf.org
From: Scott Nelson <scott@spamwolf.com>
Subject: Re: [Asrg] Spammer responses to SPF
Date: Mon, 16 Jun 2003 15:04:47 -0700

At 04:33 PM 6/16/03 +0200, Markus Stumpf wrote:
>On Sat, Jun 14, 2003 at 01:58:58AM -0400, Meng Weng Wong wrote:
>> On Fri, Jun 13, 2003 at 05:54:55PM -0400, Barry Shein wrote:
>> |
>> | It's not like spammers can't change their behavior, they often do, and
>> | this one isn't even hard to change.
>>
>> I agree; we must play good chess.  If SPF/DMP/RMX/... goes in, what do
>> you think the spammers will do next?
>
>spammers will switch back to empty envelope senders.
>Then all people will start to block bounces.
>This causes the eMail-system to become totally unreliable.
>

[Note - this is an opinion piece with little or no hard data.]

I don't think so.

First, only people who don't understand what empty envelope sender
means will block them all. I'm guessing that's a majority of the
end users, but not a significant fraction of the people who make
the mail system work.

Spam with an empty envelope isn't ever going to be effective,
since most will filter it out.

Also, more effective blocking of "empties" that aren't DSNs is possible.
We just don't do it (yet) because there isn't much call for it.
For example, only accepting a standardized bounce (i.e. one
following RFC 1894) would stop most of the spam but only a
tiny fraction of the real DSNs.

The second round of this is spam that really looks like an RFC 1894 DSN.
That leads to DSNs including tokens from the original messages.
(identifiable message-ids)

I don't think there's a third round - they can't go further,
and the damage caused is limited to that state.
So we lose some reliability (because a few real DSNs will be discarded)
but we'd still have enough to keep the system mostly reliable.

Does that mean I think spammers won't use empty envelopes?
No.

"Spammers" is not a single entity.
It's possible that even single spammers will try many different approaches,
but certainly as a group, they will try almost everything they can think of.

Thus, they won't switch to empty envelopes, they'll do empty envelopes
/as well/. Or rather, some will do empty envelopes, while some will
continue to forge envelopes, and some will buy dozens of new domains
to spam "from".

This may seem a trivial distinction, but I think it's important.
We aren't facing an enemy army, with a cohesive leadership,
it's more like a thousand guerrillas.

Scott Nelson <scott@spamwolf.com>
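
The two filtering rounds described in the message above, as an added example that is not part of the original post: a null-sender message is accepted only if it has the RFC 1894 structure and returns a Message-ID this site issued. The HMAC-tagged Message-ID scheme, `SECRET`, the `example.org` and `example.net` names and all function names are assumptions made for illustration.

```python
import email, hashlib, hmac, re
from email import policy

SECRET = b"constructed-demo-key"  # assumption: per-site secret, not from the post

def _tag(local):
    return hmac.new(SECRET, local.encode(), hashlib.sha256).hexdigest()[:16]

def make_message_id(local, domain="example.org"):
    """Message-ID for outgoing mail, carrying a token only this site can mint."""
    return f"<{local}.{_tag(local)}@{domain}>"

def is_ours(mid):
    m = re.fullmatch(r"<([A-Za-z0-9]+)\.([0-9a-f]{16})@[^>\s]+>", mid.strip())
    return bool(m) and hmac.compare_digest(m.group(2), _tag(m.group(1)))

def classify_null_sender(raw):
    """Verdict for a message that arrived with an empty envelope sender."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report_type = str(msg.get_param("report-type") or "").lower()
    # Round one: only the standardized bounce format is accepted.
    if msg.get_content_type() != "multipart/report" or report_type != "delivery-status":
        return "reject: not an RFC 1894 DSN"
    parts = list(msg.iter_parts())
    if len(parts) < 2 or parts[1].get_content_type() != "message/delivery-status":
        return "reject: no delivery-status part"
    # Round two: the returned message or headers must carry our token.
    for part in parts[2:]:
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            original = part.get_payload(0)
        elif ctype == "text/rfc822-headers":
            original = email.message_from_string(part.get_content())
        else:
            continue
        if is_ours(str(original.get("Message-ID", ""))):
            return "accept"
    return "reject: DSN does not reference a message we sent"

def sample_dsn(message_id):
    """Constructed RFC 1894-shaped bounce that returns the given Message-ID."""
    return "\r\n".join([
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b"',
        "", "--b", "Content-Type: text/plain", "", "Delivery failed.",
        "--b", "Content-Type: message/delivery-status", "",
        "Reporting-MTA: dns; mx.example.net", "",
        "Final-Recipient: rfc822; nobody@example.net", "Action: failed",
        "Status: 5.1.1", "", "--b", "Content-Type: text/rfc822-headers", "",
        f"Message-ID: {message_id}", "Subject: hello", "", "--b--", ""]).encode()
```

The returned-message part of a DSN is optional, so this check also rejects genuine bounces that omit it, which is the loss of a few real DSNs the message accepts as the cost.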