IETF Logo Mail Archive

Re: [Asrg] Some data on the validity of MAIL FROM addresses

"Alan DeKok" <aland@freeradius.org> Mon, 19 May 2003 12:43 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA19287 for <asrg-archive@odin.ietf.org>; Mon, 19 May 2003 08:43:44 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4JCCf912803 for asrg-archive@odin.ietf.org; Mon, 19 May 2003 08:12:41 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4JCCfB12800 for <asrg-web-archive@optimus.ietf.org>; Mon, 19 May 2003 08:12:41 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA19258; Mon, 19 May 2003 08:43:14 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Hk0l-00038F-00; Mon, 19 May 2003 08:45:03 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Hk0l-00038C-00; Mon, 19 May 2003 08:45:03 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4JC7PB12325; Mon, 19 May 2003 08:07:25 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4JC6bB11735 for <asrg@optimus.ietf.org>; Mon, 19 May 2003 08:06:37 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA19110 for <asrg@ietf.org>; Mon, 19 May 2003 08:37:10 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Hjut-00036B-00 for asrg@ietf.org; Mon, 19 May 2003 08:38:59 -0400
Received: from giles.striker.ottawa.on.ca ([192.139.46.36] helo=mail.nitros9.org ident=root) by ietf-mx with esmtp (Exim 4.12) id 19Hjus-000368-00 for asrg@ietf.org; Mon, 19 May 2003 08:38:59 -0400
Received: from localhost ([127.0.0.1] helo=giles.striker.ottawa.on.ca ident=aland) by mail.nitros9.org with esmtp (Exim 3.34 #1) id 19Hk71-0002q8-00 for asrg@ietf.org; Mon, 19 May 2003 08:51:31 -0400
From: Alan DeKok <aland@freeradius.org>
To: asrg@ietf.org
Subject: Re: [Asrg] Some data on the validity of MAIL FROM addresses
In-Reply-To: Your message of "Sun, 18 May 2003 17:23:08 MDT." <200305182323.h4INN86h010036@calcite.rhyolite.com>
Message-Id: <E19Hk71-0002q8-00@mail.nitros9.org>
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Mon, 19 May 2003 08:51:31 -0400

Vernon Schryver <vjs@calcite.rhyolite.com> wrote:
> >   Even worse, there is no proven connection between the spam and the
> > hotmail/yahoo account which is allegedly the sender.  The data are
> > entirely consistent with spammers using lists of verified email
> > addresses to forge 'From:' lines.
> 
> That would be make sense only if the number of hotmail/yahoo spam
> sender addresses were proportional to the number of hotmail/yahoo
> addresses among all targets of spam.

  I disagree.  You're assuming that the spammers will distribute the
'from' addresses evenly among email addresses they have.  I see no
reason why that's true.  I used to receive waves of bounces &
notifications about spam allegedly "from" my domain.  I did *not*
receive a steady trickly of such bounces.

>  Unless you think that most spam targets are at free providers, you
> must assume that spammers have some reason for prefering to send as
> if from free providers.

  Spammers do it, therefore they believe it's useful.  Our ignorance
as to *why* they believe it's useful isn't an argument disproving
their behaviour.

  Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.31.3 | Report a Bug | By Email | System Status