Re: [Asrg] spam down?

Chris Lewis <clewis+ietf@mustelids.ca> Wed, 30 January 2013 15:40 UTC

Return-Path: <clewis+ietf@mustelids.ca>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E2E321F8A9B for <asrg@ietfa.amsl.com>; Wed, 30 Jan 2013 07:40:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.146
X-Spam-Level:
X-Spam-Status: No, score=-0.146 tagged_above=-999 required=5 tests=[AWL=0.587, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, RDNS_NONE=0.1, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZoAaIykh1lD0 for <asrg@ietfa.amsl.com>; Wed, 30 Jan 2013 07:40:15 -0800 (PST)
Received: from mail.mustelids.ca (unknown [174.35.130.2]) by ietfa.amsl.com (Postfix) with ESMTP id C918C21F8A89 for <asrg@irtf.org>; Wed, 30 Jan 2013 07:40:13 -0800 (PST)
Received: from [192.168.0.8] (otter.mustelids.ca [192.168.0.8]) (authenticated bits=0) by mail.mustelids.ca (8.14.4/8.14.4/Debian-2ubuntu2) with ESMTP id r0UFe6Ia014828 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NOT) for <asrg@irtf.org>; Wed, 30 Jan 2013 10:40:06 -0500
Message-ID: <51093ED6.9010401@mustelids.ca>
Date: Wed, 30 Jan 2013 10:40:06 -0500
From: Chris Lewis <clewis+ietf@mustelids.ca>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.23) Gecko/20090812 Thunderbird/2.0.0.23 Mnenhy/0.7.6.666
MIME-Version: 1.0
To: asrg@irtf.org
References: <5103DC4E.4090004@mtcc.com> <5103FE36.7010908@mustelids.ca> <CAJ4XoYdNpbeONbgR5unjNrMHtSv-302Kq7ycWZ559yoE4E1ZOw@mail.gmail.com>
In-Reply-To: <CAJ4XoYdNpbeONbgR5unjNrMHtSv-302Kq7ycWZ559yoE4E1ZOw@mail.gmail.com>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] spam down?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jan 2013 15:40:15 -0000

On 13-01-30 09:27 AM, Dotzero wrote:

> I think it depends on what you mean by "relatively little effect".
>>From my perspective - given the current statof adoption - it may not
> have an effect on the overall ecosystem but it is certainly pushing
> the bad guys from abusing (sending) domains that are implementing
> strong email auth efforts to ones that are not.

If that were true, I wouldn't be seeing millions of paypal, linkedin,
et. al. impersonations a day.  But I do.

Validation is so irrelevant that the spammers impersonate sites when
it's clearly unnecessary.  They use their facebook impersonation
templates to send out pill spam for crissakes.  If validation was making
a difference, the ROI would suffer.  I can only guess it isn't.

The reality is that you don't have to forge the From/sender/helo et. al.
to successfully impersonate any domain.  Especially with the mail
readers oh-so-carefully _not_ showing you the actual email address.

> It would be interesting to see (I don't have the data) if there is any
> kind of shift from sending spam targeting accounts at mailbox
> providers that validate to targeting (preferentially) accounts at
> mailbox providers that don't.

Most spoofers are already bypassing validation.  So why would it matter
to them whether the mailbox provider is validating or not?