RE: [Asrg] Let's start again at the beginning...

"Eric D. Williams" <eric@infobro.com> Wed, 07 May 2003 18:27 UTC

From: "Eric D. Williams" <eric@infobro.com>
To: 'Barry Shein' <bzs@world.std.com>, "asrg@ietf.org" <asrg@ietf.org>
Subject: RE: [Asrg] Let's start again at the beginning...
Organization: Information Brokers, Inc.
Date: Wed, 07 May 2003 14:14:43 -0400

On Wednesday, May 07, 2003 1:32 PM, Barry Shein [SMTP:bzs@world.std.com] wrote:
>
> I realize it's very exciting to think you're each going to be the one
> who is going to gain fame and glory by solving the spam problem.

That may be a goal of some, not all.

> But it's not going to happen unless one understands the problem, the
> actual mechanics of spam. Just knowing some SMTP and DNS etc and
> having gotten some spam isn't enough.
>
> More importantly, for a group to make progress there has to be some
> common vision of what problem they're trying to solve. This group
> isn't there yet.

You are singing the same song I have been singing from the day I signed on to 
this RG.

> Towards that end I think we need to first stop with the instant eureka
> aren't I a genius solutions and spend some time on a taxonomy of spam
> and what a solution might look like, glib responses such as "spam is
> email I don't want" and "a solution is getting less email I don't
> want" aside.

I agree.  There are several early threads with respect to that point.  In any 
event I include here at least my starting point for a description of the 
problem (it is not complete):

<INSERT>
On Saturday, March 29, 2003 10:52 PM, Eric D. Williams [SMTP:eric@infobro.com]
wrote:
> ... if we are attempting to define 'spam' then
> we should not get into a definition of content description.  Jim and Dave you
> accurately point out that one man's garbage is another man's treasure but I
> don't see how this approaches a definition of what 'spam' is.  I think I will
> give it try.
>
> SPAM - 1. Messaging in the MTS which violates best current practices for MTA
> providers to assure proper canonical representation of its originator. 2. A
> message that does not reflect accurate information for its originator or that
> is transmitted with simulated information nominally used to trace origination
> [that's a tight squeeze as it ignores incorrect configurations].  3) A
> message with fraudulent tracking information that is in fact flawed at
> origination to obfuscate its origin.
<PAUSE>
I will interject here:

  4) A message that obfuscates the list of recipients by introducing
     multiple recipient addresses foreign to the receiving domain or
     unrelated to the primary recipient at the receiving domain within
     the SMTP transaction envelope.
</PAUSE>
> SPAMMER - A user, company or other end entity that engages in introducing
> SPAM into the MTS.
>
> I think these may be a start because they do not address intent or
> content of the message sent, quantity sent, transport used or who
> receives it.  To me the basic problem is you have problems applying
> any effective filters or blocks against it because of the improper
> information used to construct it.
</INSERT>

> For example, we keep making references to header forgery, envelope
> forgery, etc, they're certainly aspects.
>
> What about abuse of BCC, abuse of RCPT TO (sticking dozens of
> recipients in the envelope not in the header), dictionary attacks,
> spam zombies (machines infected with viruses which turn them into
> unwitting spam relays), open relays, proxies, spam-friendly ISPs,
> real-time blocking, DNSBL, DNS spoofing and poisoning, wire-fraud
> laws, current state of anti-spam legislation, rules of evidence
> regarding these laws and how technical changes might improve the
> quality of that evidence, etc.

I think we could attempt to incorporate all of them into the existing taxonomy 
where they do not exist.  A review of the archives should expose that edition 
somewhere in the thousands of messages, or perhaps someone could provide a 
pointer to the most recent version (Paul?).

> How much spam is actual commercial (even if low-quality) enterprise,
> and how much is just script kiddies harassing sites knowing that if
> you call in law enforcement as soon as they see the words "penis
> enlargement" they patronize you and explain what spam is and hang up?
> And the script kiddies get to laugh their butts off. How might
> anything we do here help distinguish between the two?

Maybe it's a typo but I am having trouble following you here.  In any event it 
may not be relevant to distinguish between the two (at the technical/prevention 
level) but development of a harassment criteria may be a worthy goal.

8<...>8
> Did you know that a typical lifetime of a spammer's web site is under
> two hours? How exactly do they do that?

Could you provide a pointer to the resource(s) where you gathered that 
information?  I would like to incorporate this type of information into a list 
of informative references.

> Or we can continue with the testosterone stench trying desperately to
> distract from the ignorance.
>
> Been there, done that, passed on the T-shirt.

Indeed.

Regards,

-e
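
The envelope conditions named in item 4 above and in the quoted "abuse of RCPT TO" remark can be checked mechanically at the receiving MTA. The following is an added example, not part of the original message: the function name, the sample transaction and the reading of "multiple" as "more than one" are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses


def _norm(addr):
    """Lower-case an address and strip the SMTP angle brackets."""
    return addr.strip().strip("<>").lower()


def envelope_findings(rcpt_to, raw_message, local_domains):
    """Compare the SMTP envelope recipients with the receiving domain
    and with the To/Cc headers of the message itself."""
    msg = message_from_string(raw_message)
    listed = msg.get_all("To", []) + msg.get_all("Cc", [])
    header_addrs = {_norm(a) for _, a in getaddresses(listed) if a}
    local = {d.lower() for d in local_domains}
    envelope = [_norm(r) for r in rcpt_to]

    # Item 4: envelope recipients foreign to the receiving domain.
    foreign = [r for r in envelope if r.rpartition("@")[2] not in local]
    # "Recipients in the envelope not in the header".
    hidden = [r for r in envelope if r not in header_addrs]
    return {
        "foreign": foreign,
        "hidden": hidden,
        # Assumed reading of "multiple": more than one foreign address.
        "multiple_foreign": len(foreign) > 1,
    }


# Constructed sample transaction as seen by an MTA for example.org.
SAMPLE_RCPT_TO = ["<alice@example.org>", "<x@example.net>",
                  "<y@example.com>", "<bob@example.org>"]
SAMPLE_MESSAGE = (
    "From: sender@example.net\n"
    "To: Alice <alice@example.org>\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(envelope_findings(SAMPLE_RCPT_TO, SAMPLE_MESSAGE, ["example.org"]))
```

A legitimate Bcc or a mailing-list expansion also produces "hidden" recipients, so that list is a signal to weigh rather than a verdict; the "foreign" list is the part that corresponds to item 4.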