Re: [Asrg] Some data on the validity of MAIL FROM addresses

Vernon Schryver <vjs@calcite.rhyolite.com> Sun, 18 May 2003 13:05 UTC

From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200305181302.h4ID2ixg011987@calcite.rhyolite.com>
To: Asrg@ietf.org
Subject: Re: [Asrg] Some data on the validity of MAIL FROM addresses
References: <p06001254baeb12ff775c@[192.168.1.104]>
Date: Sun, 18 May 2003 07:02:44 -0600

> From: Kee Hinckley <nazgul@somewhere.com>

> ...
> Vernon has regularly made the claim that a significant proportion of 
> spam messages have valid MAIL FROM's.  That means that bounces will 
> go to the spammer.  This has significant ramifications for C/R 
> systems (especially auto-respond ones) since it means that should 
> they have to, spammers could respond to challenges.

> ...
> Interesting that the results vary so much by ISP.  Yahoo accounts are 
> pretty valid.  Hotmail accounts are pretty bad.  AOL is quite good. 
> Earthlink has a problem.  MSN's slightly better, but still negative.
>
> In general though, it appears that Vernon is correct.  If my sample 
> is representative, a large percentage of spam is coming from real 
> email addresses.

Actually, my claim differs somewhat.  It is that most spam with free
provider MAIL_FROM values is not "forged" but that the spammer can
legitimately claim to own the MAIL_FROM value even if it has since
been terminated by the ISP.  Your data is consistent with my claim as
well as with the widely believed belief that Hotmail is much quicker
to terminate spam drop-boxes than Yahoo.

Long ago AOL had a problem in providing drop-boxes to spammers.  By
many accounts, they fixed that problem about the time AOL MAIL_FROM
values largely disappeared from spam.  AOL representatives said they
fixed the problem by various mechanisms including requiring and checking
credit card numbers of all new subscribers before or during account
activation.  In recent months I've noticed a lot of spam with AOL
MAIL_FROM values.  Recent AOL "free" offers trumpet not requiring a
credit card number for account activation.


Vernon Schryver    vjs@rhyolite.com