RE: [Asrg] Is there anything good enough? - Spoofing stats
"Hallam-Baker, Phillip" <pbaker@verisign.com> Thu, 08 May 2003 01:24 UTC
Message-ID: <CE541259607DE94CA2A23816FB49F4A301AE2459@vhqpostal6.verisign.com>
From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: "'asrg@ietf.org'" <asrg@ietf.org>, Barry Shein <bzs@world.std.com>, Alan DeKok <aland@freeradius.org>
Subject: RE: [Asrg] Is there anything good enough? - Spoofing stats
Date: Wed, 07 May 2003 14:58:24 -0700
We have very similar statistics, spoofing is very common.

The reason the spam senders do it is that they do not want to leave a trail. Quite why it is worthwhile to send out huge volumes of spam without any means of contacting the purported vendor cannot be said with certainty at this point. I have theories but I prefer to share them with law enforcement.

Phill

> -----Original Message-----
> From: David Walker [mailto:antispam@grax.com]
> Sent: Wednesday, May 07, 2003 11:59 AM
> To: Barry Shein; Alan DeKok
> Cc: asrg@ietf.org
> Subject: Re: [Asrg] Is there anything good enough? - Spoofing stats
>
>
> With regards to spoofing being a minor problem.
> Out of 3130 denied messages
> (to accounts I had to stop because they were receiving 100% spam)
> @juno.com      |   36
> @netscape.com  |   38
> @email.com     |   40
> @excite.com    |   50
> @lycos.com     |   50
> @earthlink.net |   71
> @msn.com       |   72
> @yemenmail.com |   93
> @hotmail.com   |  241
> @aol.com       |  298
> @yahoo.com     |  311
> Total          | 1300
>
> 1300 out of 3130 = 41% of all my denies are very high likelihood spoofs from
> the popular domains
> 1050 out of 3130 = 34% are guaranteed spoofs (The helo name is not remotely
> associated with the spoofed domain) from the popular domains.
> (These numbers do not represent all spoofing I receive but rather just the
> spoofing to popular domains)
>
> So it doesn't look like a minor problem to me. Sure it is easy to avoid by
> 1. switching to domains that have not implemented RMX yet
> 2. by setting up your own domains
> but in the first case the DNS admin would have a tool to fight them (he can
> configure his RMX records) and with the second there is a cost involved.
>
> Assuming just the 11 domains and I implement RMX it becomes useful as I could
> receive messages from my friends and family that use those services.
>
> On Tuesday 06 May 2003 05:26 pm, Barry Shein wrote:
> > No, the problem is that this spoofing is a minor problem and any
> > solution is easily evaded by spammers.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
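The HELO-versus-sender-domain comparison behind the "guaranteed spoofs" count in the quoted message, as an added example that is not part of the original thread. The suffix-match rule, the sample records and all function names are assumptions made for illustration.

```python
from collections import Counter

# The 11 popular domains listed in the quoted table.
POPULAR = {"juno.com", "netscape.com", "email.com", "excite.com", "lycos.com",
           "earthlink.net", "msn.com", "yemenmail.com", "hotmail.com",
           "aol.com", "yahoo.com"}

# Constructed sample of denied messages: (HELO name, envelope sender).
SAMPLE = [
    ("mail.example.net", "bob@yahoo.com"),
    ("web1234.mail.yahoo.com", "<carol@yahoo.com>"),
    ("dsl-10-0-0-1.example.org", "offers@hotmail.com"),
    ("[192.0.2.7]", "win@aol.com"),
    ("imo-m01.mx.aol.com", "dave@aol.com"),
    ("smtp.example.com", "news@example.com"),
    ("notyahoo.com", "x@yahoo.com"),   # look-alike name, must not match
    ("relay.example.net", "<>"),       # null sender (bounce), no domain
]

def sender_domain(addr):
    """Domain part of an envelope sender, lower-cased; '' for the null sender."""
    addr = addr.strip("<> ")
    return addr.rsplit("@", 1)[1].lower().rstrip(".") if "@" in addr else ""

def helo_matches(helo, domain):
    """Assumed rule: HELO is the domain itself or a host name under it."""
    h = helo.strip().lower().rstrip(".")
    return h == domain or h.endswith("." + domain)

def classify(helo, mail_from):
    domain = sender_domain(mail_from)
    if domain not in POPULAR:
        return "other"
    # "consistent" is not proof of origin: the HELO name is chosen by the
    # sending host. Only the mismatch case is a strong signal.
    return "consistent" if helo_matches(helo, domain) else "helo-mismatch"

def tally(records):
    """Per-domain counts of messages claiming a popular domain, and mismatches."""
    claimed, mismatched = Counter(), Counter()
    for helo, mail_from in records:
        verdict = classify(helo, mail_from)
        if verdict == "other":
            continue
        domain = sender_domain(mail_from)
        claimed[domain] += 1
        if verdict == "helo-mismatch":
            mismatched[domain] += 1
    return claimed, mismatched
```
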