Re: [Asrg] Is there anything good enough? - Spoofing stats
Vernon Schryver <vjs@calcite.rhyolite.com> Wed, 07 May 2003 18:29 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA11536 for <asrg-archive@odin.ietf.org>; Wed, 7 May 2003 14:29:49 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h47IctD11335 for asrg-archive@odin.ietf.org; Wed, 7 May 2003 14:38:55 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h47Ict811332 for <asrg-web-archive@optimus.ietf.org>; Wed, 7 May 2003 14:38:55 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA11522; Wed, 7 May 2003 14:29:19 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19DThL-0003fY-00; Wed, 07 May 2003 14:31:23 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19DThL-0003fV-00; Wed, 07 May 2003 14:31:23 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h47IY6810000; Wed, 7 May 2003 14:34:06 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h47IUN809600 for <asrg@optimus.ietf.org>; Wed, 7 May 2003 14:30:23 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA11100 for <asrg@ietf.org>; Wed, 7 May 2003 14:20:47 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19DTZ6-0003Yg-00 for asrg@ietf.org; Wed, 07 May 2003 14:22:52 -0400
Received: from calcite.rhyolite.com ([192.188.61.3]) by ietf-mx with esmtp (Exim 4.12) id 19DTZ4-0003Yb-00 for asrg@ietf.org; Wed, 07 May 2003 14:22:50 -0400
Received: (from vjs@localhost) by calcite.rhyolite.com (8.12.9/8.12.9) id h47INdw4029570 for asrg@ietf.org env-from <vjs>; Wed, 7 May 2003 12:23:39 -0600 (MDT)
From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200305071823.h47INdw4029570@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: Re: [Asrg] Is there anything good enough? - Spoofing stats
References: <200305071058.57835@grx>
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Wed, 07 May 2003 12:23:39 -0600
> From: David Walker <antispam@grax.com> > ... > 1300 out of 3130 = 41% of all my denies are very high likelyhood spoofs from > the popular domains > 1050 out of 3130 = 34% are guaranteed spoofs (The helo name is not remotely > associated with the spoofed domain) from the popular domains. > ... What is your definition of "spoof" besides "HELO not remotely associated with sender domain"? Does you definition involve the use of a sending address that is not the property of the sender? Many perfectly legitimate owners of netscape.com and other free provider mailboxes uses those addresses as sender addresses in their mail but send mail from unrelated ISPs. Sometimes they do this to avoid exposing their more private addresses to spam. In other cases port-25 filtering or other problems prevent them from sending mail except through the unrelated ISP. If your definition of "spoofed domain" includes the notion that the spoofed address is not perfectly legitimately and own by the user sending the message, what would you suggest to those innocent people? By turning off the mail of those innocent people, would RMX be creating problems? If your definition includes some notion of forgery, how do you know whether a message with unrelated sender address and reverse DNS domains is spoofed or forged? Do you have some way to ask the administrators of the "spoofed" domain about the sender address? I've recently seen a lot of spam with sender addresses in all of the domains in your list. Most of the names in your list are free providers, but some are not. I bet that much and probably most of the spam you've seen with free provider sending address is not forged. I've suspected that spam with sender addresses from earthlink.net, msn.com, and aol.com are forged, but how can anyone outside those organizations know? Reading between the lines of today's front page "Wall Street Journal" article suggests that much of the Earthlink spam may not be forged in any real sense of the word. See http://online.wsj.com/article/0,,SB105225593382372600,00.html if you have a subscription. The title is "Elusive Spammer Sends EarthLink on Long Chase." I've been unable to find the article on Google or Yahoo, but it might appear there later this week. Vernon Schryver vjs@rhyolite.com _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Scott Nelson
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Scott Nelson
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Sauer, Damon
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- RE: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Scott Nelson
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Michael Rubel
- Re: [Asrg] seeking comments on new RMX article Daniel Feenberg
- [Asrg] RMX and Privacy Yakov Shafranovich
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Scott Nelson
- Re: [Asrg] seeking comments on new RMX article Daniel Feenberg
- Re: [Asrg] seeking comments on new RMX article David Walker
- Re: [Asrg] seeking comments on new RMX article David Walker
- [Asrg] Misunderstandings... Alan DeKok
- [RANT] RE: [Asrg] seeking comments on new RMX art… Sauer, Damon
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article David Walker
- Re: [Asrg] seeking comments on new RMX article Damian Gerow
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- Re: [Asrg] RMX and Privacy Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Damian Gerow
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Steven F Siirila
- Re: [Asrg] seeking comments on new RMX article David Walker
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Claus Assmann
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- [Asrg] Is there anything good enough? Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Hadmut Danisch
- Re: [Asrg] seeking comments on new RMX article Michael Rubel
- RE: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article Michael Rubel
- Re: [Asrg] seeking comments on new RMX article Michael Rubel
- Re: [Asrg] seeking comments on new RMX article Barry Shein
- Re: [Asrg] seeking comments on new RMX article Dave Crocker
- Re: [Asrg] seeking comments on new RMX article Michael Rubel
- RE: [Asrg] seeking comments on new RMX article Yakov Shafranovich
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Eric Brunner-Williams in Portland Maine
- [Asrg] RMX example Hadmut Danisch
- [Asrg] Willfull and intentional misunderstandings Alan DeKok
- RE: [Asrg] seeking comments on new RMX article Bob Atkinson
- Re: [Asrg] Willfull and intentional misunderstand… Dave Crocker
- Re: [Asrg] Willfull and intentional misunderstand… Michael Rubel
- Re: [Asrg] Willfull and intentional misunderstand… Damian Gerow
- Re: [Asrg] Willfull and intentional misunderstand… Dave Crocker
- Re: [Asrg] Is there anything good enough? Barry Shein
- RE: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] Willfull and intentional misunderstand… Damian Gerow
- Re: [Asrg] seeking comments on new RMX article Barry Shein
- Re: [Asrg] seeking comments on new RMX article Michael Rubel
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] Willfull and intentional misunderstand… Barry Shein
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Bob Atkinson
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- RE: [Asrg] seeking comments on new RMX article Bob Atkinson
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- RE: [Asrg] seeking comments on new RMX article Yakov Shafranovich
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] Willfull and intentional misunderstand… Alan DeKok
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article Mike Rubel
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] seeking comments on new RMX article Yakov Shafranovich
- Re: [Asrg] Willfull and intentional misunderstand… Hadmut Danisch
- Re: [Asrg] rhetoric style Hadmut Danisch
- Re: [Asrg] rhetoric style Jon Kyme
- Re: [Asrg] rhetoric style J C Lawrence
- RE: [Asrg] seeking comments on new RMX article Kee Hinckley
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- RE: [Asrg] seeking comments on new RMX article Eric D. Williams
- Re: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article David Walker
- Re: [Asrg] seeking comments on new RMX article David Walker
- Re: [Asrg] rhetoric style Ken Hirsch
- Re: [Asrg] Is there anything good enough? - Spoof… David Walker
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article Alan DeKok
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- RE: [Asrg] seeking comments on new RMX article Tom Thomson
- Re: [Asrg] seeking comments on new RMX article J C Lawrence
- Re: [Asrg] Is there anything good enough? - Spoof… Vernon Schryver
- Consent (was Re: [Asrg] seeking comments on new R… Alan DeKok
- RE: [Asrg] seeking comments on new RMX article Tom Thomson
- RE: [Asrg] seeking comments on new RMX article Tom Thomson
- Re: Consent (was Re: [Asrg] seeking comments on n… J C Lawrence
- RE: [Asrg] seeking comments on new RMX article Vernon Schryver
- Re: Consent (was Re: [Asrg] seeking comments on n… Alan DeKok
- Re: [Asrg] Is there anything good enough? - Spoof… Barry Shein
- Re: [Asrg] Is there anything good enough? - Spoof… David Walker
- RE: [Asrg] seeking comments on new RMX article Hallam-Baker, Phillip
- Re: [Asrg] Is there anything good enough? - Spoof… Vernon Schryver
- Re: [Asrg] Is there anything good enough? - Spoof… David Walker
- Re: [Asrg] Is there anything good enough? - Spoof… Vernon Schryver
- RE: [Asrg] Willfull and intentional misunderstand… Tom Thomson
- RE: [Asrg] seeking comments on new RMX article Tom Thomson
- Re: [Asrg] Is there anything good enough? - Spoof… David Walker
- Re: [Asrg] Is there anything good enough? - Spoof… Vernon Schryver
- Re: [Asrg] Is there anything good enough? - Spoof… David Walker
- Re: [Asrg] Is there anything good enough? - Spoof… Vernon Schryver
- Re: [Asrg] Is there anything good enough? - Spoof… David Walker
- Re: [Asrg] Is there anything good enough? - Spoof… Vernon Schryver
- Re: [Asrg] Is there anything good enough? - Spoof… David Walker
- Re: [Asrg] Is there anything good enough? - Spoof… Vernon Schryver
- Re: [MLIST] Re: [Asrg] Is there anything good eno… David Walker
- Re: [Asrg] Willfull and intentional misunderstand… Dave Crocker
- RE: [Asrg] seeking comments on new RMX article Hallam-Baker, Phillip
- Re: [Asrg] Is there anything good enough? - Spoof… Mike Rubel
- Re: [Asrg] Is there anything good enough? - Spoof… Vernon Schryver
- Re: [Asrg] seeking comments on new RMX article waltdnes
- RE: [Asrg] seeking comments on new RMX article Tom Thomson
- RE: [Asrg] seeking comments on new RMX article Tom Thomson