
List:       tmda-users
Subject:    Self sacrifice ;) was Re: I obfuscated mla.libertine.org
From:       Simon Waters <Simon () wretched ! demon ! co ! uk>
Date:       2004-02-29 20:52:45
Message-ID: 4042511D.4060902 () wretched ! demon ! co ! uk

Jason R. Mastaler wrote:
> 
>>Indeed should people with effective antispam solutions encourage
>>spammers to waste their available resources spamming ineffectively?
>>As this undermines the spammers' economic model.
>  
> No, I don't think so.  Unless you are rejecting spam at the SMTP
> level, the spammer will never know they are spamming ineffectively.
> This applies to most popular methods including TMDA, SpamAssassin, and
> other content filters.

We were discussing it at work where we were trying some radical
solutions on one of our mail servers.

For various reasons there are very few people who genuinely need to mail
multiple recipients at that server (except us and we are allowed to
relay to it), so we tried reducing the maximum recipients per envelope
dramatically, and more than halved the number of emails we handle with
no complaints or obvious problems. Although I suspect it works as the
spammers assume MTAs will conform with RFCs :(

We seem to have been the target of numerous dictionary attacks for
harvesting addresses, so we were well over the ~60% spam industry average.

Even though spammers steal resources, they have a finite resource in
bandwidth (stolen or otherwise), so it seems logical to force them to
use it inefficiently in as many ways as possible.

Anyway I'm concerned at the proliferation of SPF systems (both number
and type) - seems the world is more keen to solve the spam problem, than
they are on the backward compatibility of email systems. I suspect
Microsoft's security initiative will kill more spam than their antispam
initiative. As someone who is currently involved in supplying courtesy
email addresses, we would be compelled by some of these schemes to
manage authentication and outbound email services for 10,000's of
thousands of users or be joe jobbed continually. Whilst I think the
model my employer uses looks somewhat dated in this area, I'm not sure I
want to see a whole area of business modified for what is likely to be a
limited success in the war against spam (given compromised/spamming
machines can already be easily identified, and port 25 can already be
easily redirected by ISPs who care, and RBLs exist, I'm unclear what SPF
will actually gain in terms of spam reduction, and it certainly isn't a
strong enough authentication scheme to replace signing emails).
