Re: [Asrg] Is there anything good enough? - Spoofing stats

Barry Shein <bzs@world.std.com> Wed, 07 May 2003 22:14 UTC

From: Barry Shein <bzs@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <16057.33742.549274.707807@world.std.com>
To: asrg@ietf.org
Subject: Re: [Asrg] Is there anything good enough? - Spoofing stats
In-Reply-To: <200305071058.57835@grx>
References: <19744716058.20030506103859@brandenburg.com> <E19D7LU-00078n-00@mail.nitros9.org> <16056.13955.271718.59630@world.std.com> <200305071058.57835@grx>
X-Mailer: VM 7.07 under Emacs 21.2.2
Date: Wed, 07 May 2003 18:08:14 -0400

On May 7, 2003 at 10:58 antispam@grax.com (David Walker) wrote:
 > With regards to spoofing being a minor problem.
 > Out of 3130 denied messages 

I think the distinction here is qualitative (minor) versus
quantitative (minor).

I have no doubt that spammers (ab)use addresses such as
refi@hotmail.com millions of times per day.

I just believe that if we made that impossible they'd change it to
refi@hotmai1.com or even just refi@openrelay.com and not miss a beat.

In that sense it's minor, of minor value or potential hindrance to
them, qualitatively minor. If it's "free", sure, why not? But if they
can't, it won't make much difference to them.

Besides, as another note pointed out, all most users ever see is the
From: header anyhow, but even if that were impossible...

Also, laws such as the recent Virginia law are promising to make this
network hooliganism more legally dangerous since the law specifically
assigns criminal penalties to such header forgery. Whether that's
worth anything remains to be seen, but my impression is that many
spammers are champing at the bits (as it were) to be able to operate
as legitimate businesses; they're somewhat limited in earning
potential as outlaws.

(rest of msg is the rest of included msg...)

 > (to accounts I had to stop because they were receiving 100% spam)
 >  @juno.com                                        |    36
 >  @netscape.com                                    |    38
 >  @email.com                                       |    40
 >  @excite.com                                      |    50
 >  @lycos.com                                       |    50
 >  @earthlink.net                                   |    71
 >  @msn.com                                         |    72
 >  @yemenmail.com                                   |    93
 >  @hotmail.com                                     |   241
 >  @aol.com                                         |   298
 >  @yahoo.com                                       |   311
 > Total | 1300
 > 
 > 1300 out of 3130 = 41% of all my denies are very high likelihood spoofs from 
 > the popular domains
 > 1050 out of 3130 = 34% are guaranteed spoofs (The helo name is not remotely 
 > associated with the spoofed domain) from the popular domains.
 > (These numbers do not represent all spoofing I receive but rather just the 
 > spoofing to popular domains)
 > 
 > So it doesn't look like a minor problem to me.  Sure it is easy to avoid by
 > 1. switching to domains that have not implemented RMX yet
 > 2. by setting up your own domains
 > but in the first case the DNS admin would have a tool to fight them (he can 
 > configure his RMX records) and with the second there is a cost involved.
 > 
 > Assuming just the 11 domains and I implement RMX it becomes useful as I could 
 > receive messages from my friends and family that use those services.
 > 
 > On Tuesday 06 May 2003 05:26 pm, Barry Shein wrote:
 > > No, the problem is that this spoofing is a minor problem and any
 > > solution is easily evaded by spammers.

-- 
        -Barry Shein

Software Tool & Die    | bzs@TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
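The checks behind the figures quoted in this thread (per-domain deny tallies, the "HELO name not associated with the sender domain" test, and an RMX-style authorized-sender lookup), as an added Python example that is not part of the original messages. The deny-log lines and the RMX table are constructed stand-ins; real RMX data would come from DNS, and the two-label "associated domain" test is a deliberate simplification.

```python
import re
from collections import Counter

# Constructed sample of a mail server's deny log (not from the original post):
# each line carries the HELO name the client gave and the envelope MAIL FROM.
DENY_LOG = """\
helo=mx1.hotmail.com from=refi@hotmail.com
helo=dsl-77-2.example.net from=refi@hotmail.com
helo=openrelay.example from=deals@yahoo.com
helo=smtp3.yahoo.com from=friend@yahoo.com
helo=host9.example.org from=promo@aol.com
helo=box.example.net from=offer@example.com
helo=mail.hotmai1.com from=refi@hotmai1.com
"""

# Constructed stand-in for RMX records: sender domain -> hosts allowed to send
# for it. Real RMX data would be published in and fetched from DNS.
RMX = {
    "hotmail.com": {"mx1.hotmail.com", "mx2.hotmail.com"},
    "yahoo.com": {"smtp3.yahoo.com"},
    "aol.com": {"imo.aol.com"},
}

LINE_RE = re.compile(r"helo=(\S+) from=\S+@(\S+)")

def registrable(host):
    """Last two labels of a hostname: a crude 'is associated with' test."""
    return ".".join(host.lower().rsplit(".", 2)[-2:])

def verdict(helo, domain):
    """Classify one message by its HELO name and envelope sender domain."""
    helo, domain = helo.lower(), domain.lower()
    if domain in RMX:                      # domain publishes RMX: authoritative
        return "authorized" if helo in RMX[domain] else "rmx-reject"
    if registrable(helo) != domain:        # no RMX: fall back to the HELO test
        return "helo-mismatch"             # David's "guaranteed spoof"
    return "unverified"                    # nothing to check against

def tally(log):
    """Per-domain deny counts (as in the quoted table) and per-verdict counts."""
    by_domain, by_verdict = Counter(), Counter()
    for m in LINE_RE.finditer(log):
        helo, domain = m.group(1), m.group(2).lower()
        by_domain["@" + domain] += 1
        by_verdict[verdict(helo, domain)] += 1
    return by_domain, by_verdict
```

The last log line is the evasion Barry describes: a lookalike domain with no RMX record and a matching HELO comes out as "unverified", which is why the check hinders spoofing of the listed domains but not spamming as such.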