IETF Logo Mail Archive

RE: [Asrg] News Article - Microsoft and spam

"Hallam-Baker, Phillip" <pbaker@verisign.com> Thu, 26 June 2003 17:32 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA10320 for <asrg-archive@odin.ietf.org>; Thu, 26 Jun 2003 13:32:15 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5QHTHS04853 for asrg-archive@odin.ietf.org; Thu, 26 Jun 2003 13:29:17 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19VaYf-0001GC-F3 for asrg-web-archive@optimus.ietf.org; Thu, 26 Jun 2003 13:29:17 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA10252; Thu, 26 Jun 2003 13:29:14 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19VaYd-00045B-00; Thu, 26 Jun 2003 13:29:15 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19VaYX-000458-00; Thu, 26 Jun 2003 13:29:09 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19VaYP-0001EJ-AJ; Thu, 26 Jun 2003 13:29:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19VaXw-0001Du-Ps for asrg@optimus.ietf.org; Thu, 26 Jun 2003 13:28:47 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA10248 for <asrg@ietf.org>; Thu, 26 Jun 2003 13:28:30 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19VaXu-000450-00 for asrg@ietf.org; Thu, 26 Jun 2003 13:28:30 -0400
Received: from peacock.verisign.com ([65.205.251.73]) by ietf-mx with esmtp (Exim 4.12) id 19VaXk-00044p-00 for asrg@ietf.org; Thu, 26 Jun 2003 13:28:20 -0400
Received: from mou1wnexc02.verisign.com (verisign.com [65.205.251.54]) by peacock.verisign.com (8.12.9/) with ESMTP id h5QHRbch005913; Thu, 26 Jun 2003 10:27:37 -0700 (PDT)
Received: by mou1wnexc02.verisign.com with Internet Mail Service (5.5.2653.19) id <LYL039WC>; Thu, 26 Jun 2003 10:27:37 -0700
Message-ID: <2A1D4C86842EE14CA9BC80474919782E0D229A@mou1wnexm02.verisign.com>
From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: 'Vernon Schryver' <vjs@calcite.rhyolite.com>, asrg@ietf.org
Subject: RE: [Asrg] News Article - Microsoft and spam
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 26 Jun 2003 10:27:36 -0700

I think that we have to be realistic about the cost/benefit issue here.

Yes it is possible for a spammer to hire people to sign up for these
schemes. However to do so requires capital which has an effect on the
starting out spam senders.

A spam sender that tries to do this in  bulk is going to start to hit limits
on the number of addresses a given IP address can sign up for at a time. 

It strikes me that it might be a good scheme to allow the spam senders to
register large numbers of domains but mark them as being suspect spamhaus
addresses. Then monitor the emails being sent out with spam filters and chop
the account.

		Phill


> -----Original Message-----
> From: Vernon Schryver [mailto:vjs@calcite.rhyolite.com]
> Sent: Thursday, June 26, 2003 12:58 PM
> To: asrg@ietf.org
> Subject: Re: [Asrg] News Article - Microsoft and spam
> 
> 
> > From: Yakov Shafranovich <research@solidmatrix.com>
> 
> > ...
> > I was wondering about that as well. Would hiring people for 
> go through the 
> > human interface test increases the costs for spammers? Does 
> it matter since 
> > the cost is so small anyway? What about in a C/R system 
> where a human 
> > interface test is used, would spammers actually go ahead 
> and hire people to 
> > pass the test from each bounced message?
> 
> Let's do some arithmetic.  At $10/hour and 10 seconds per challenge
> answered or account created, the cost would be about $0.03 address.
> That sounds a little but not very high to send mail until the
> challenge whitelist entry is deleted by the spam target.  It sounds
> low for a valid sender account that can be used for millions of
> messages for days until the free provider notices enough bounces
> or receives a complaint and terminates it.
> 
> Free providers often impose delays of more than 10 seconds for
> account creation.  That can be handled by giving your $10/hour
> employees big monitors and have them run several windows 
> simultaneously
> to overlap with the delays.  Pay them by the account created or
> challenge answered to keep them busy.  Use software to automate
> most of the process, including counting and checking the work.
> Don't worry about the U.S.  labor laws about piece work, since
> you're probably breaking lots of other laws.
> 
> I wonder how much of the flood of "work at home" spam today involves
> free mail account creation jobs?
> 
> 
> Vernon Schryver    vjs@rhyolite.com
> 
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg
> 

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email