Re: [Asrg] Some data on the validity of MAIL FROM addresses

Kee Hinckley <nazgul@somewhere.com> Mon, 19 May 2003 01:06 UTC

To: Vernon Schryver <vjs@calcite.rhyolite.com>
From: Kee Hinckley <nazgul@somewhere.com>
Subject: Re: [Asrg] Some data on the validity of MAIL FROM addresses
Cc: Asrg@ietf.org
Date: Sun, 18 May 2003 21:01:58 -0400

At 7:02 AM -0600 5/18/03, Vernon Schryver wrote:
>Actually, my claim differs somewhat.  It is that most spam with free
>provider MAIL_FROM values is not "forged" but that the spammer can
>legitimately claim to own the MAIL_FROM value even if it has since
>been terminated by the ISP.  Your data is consistent with my claim as

Understood.  One reason I chose a recent sample was to try and avoid
missing accounts due to shutdown.  Those tests were run within 24 hours
of the time I received the email.  Of course, we have no way of 
knowing when the spammer set up their software, or how long they've 
been using that particular account.
-- 
Kee Hinckley
http://www.messagefire.com/          Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.