Re: [Asrg] Some data on the validity of MAIL FROM addresses

Michael Rubel <asrg@mikerubel.org> Mon, 19 May 2003 01:20 UTC

From: Michael Rubel <asrg@mikerubel.org>
X-X-Sender: mrubel@entropy.galcit.caltech.edu
To: Vernon Schryver <vjs@calcite.rhyolite.com>
Cc: asrg@ietf.org
Subject: Re: [Asrg] Some data on the validity of MAIL FROM addresses
In-Reply-To: <200305182323.h4INN86h010036@calcite.rhyolite.com>
Message-ID: <Pine.LNX.4.44.0305181804300.1019-100000@entropy.galcit.caltech.edu>
Date: Sun, 18 May 2003 18:18:33 -0700

ad> Even worse, there is no proven connection between the spam and the
ad> hotmail/yahoo account which is allegedly the sender.  The data are
ad> entirely consistent with spammers using lists of verified email
ad> addresses to forge 'From:' lines.

vs> That would make sense only if the number of hotmail/yahoo spam
vs> sender addresses were proportional to the number of hotmail/yahoo
vs> addresses among all targets of spam.

Vernon,

Wouldn't this objection only apply if you assume that spammers are
selecting MAIL FROM: addresses uniformly?  That is, if you assume each
address in their lists is given equal probability?

Do spammers who do forge prefer to send MAIL FROM: big free targets,
no-name targets, or have no preference?  I honestly don't know the
answer to this one, but anecdotally I suspect they prefer to hit the
big-name targets.

Mike
