Re: [Asrg] Statistical Analysis shows SPF should work Pretty Well

Barry Shein <bzs@world.std.com> Sat, 14 June 2003 03:14 UTC

From: Barry Shein <bzs@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <16106.18479.22082.172583@world.std.com>
To: asrg@ietf.org
Subject: Re: [Asrg] Statistical Analysis shows SPF should work Pretty Well
In-Reply-To: <20030612202450.1BC97DE41@dumbo.pobox.com>
References: <20030612202450.1BC97DE41@dumbo.pobox.com>
Date: Fri, 13 Jun 2003 17:54:55 -0400

To use an analogy, this approach still strikes me as trying to cut
traffic down 25% on a four lane highway by blocking one lane with
orange cones.

The traffic will just flow around it.

And "studies" showing that 25% of the traffic does in fact use the
lane to be blocked aren't really persuasive, which is how these
studies claiming that spammers frequently forge big domains into their
heads strike me.

It's not like spammers can't change their behavior, they often do, and
this one isn't even hard to change.

I think it's all somewhat similar to what John Gilmore is usually
credited with saying; that censorship on the internet is viewed as
damage and routed around. This isn't censorship (anyone who jumps on
that gets my idiot award), but it's very similarly flawed, it's too
easy to just route around this to get excited about it.

On the other hand these schemes are possibly useful outside of the
spam context as a weak form of authentication (hence, I think, outside
of the scope of this research group.)

For example, did this letter from my bank actually come from my bank?

If it's just a notice that there's a special on car loans this month
it's comforting to know it's probably really from my bank and clicking
the link probably won't take me to a throbbing H0T L0LlTAZ!!! site.

However, if it demands I respond with my account and PIN numbers I
think it would be better to be suspicious even if it did appear to
have come from my bank by this method of verification. So, a weak
authentication scheme.

But I think its potential effect on spam is minimal.


-- 
        -Barry Shein

Software Tool & Die    | bzs@TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*