RE: SPAM and "undisclosed recipients"

["Kristian Hermansen" <khermansen () ht-technology com>]

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Jonathan A.
Zdziarski
Sent: Saturday, November 15, 2003 7:37 PM
To: Steve Wray
Cc: 'Kristian Hermansen'; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] SPAM and "undisclosed recipients"

[Insert usual plug for bayesian filters here....yadah yadah....99.9%
accurate... blah blah]

We could open up a whole can of worms about this topic, but the product
of any of these discussions always ends up the same: even if we had an
authenticated, secure SMTP protocol, the requirement of marketing
departments would be that anyone who registered a new domain could
easily "get on the wagon"...and that is where it all comes crumbling
down; a spammer makes well over the $8.95 it would cost to register a
domain and become an "authenticated SMTP sender" (heck, they spend $4000
on sacrificial servers to get confiscated from a colo facility every
mailing)...there's no reason a spammer couldn't register a couple
domains every time he bulk mailed; prepaid credit cards can easily hide
identity and, as I said before, marketing departments and a significant
portion of people who are pro-privacy won't allow proof of identity to
become a requisite for sending email - even at the domain level.

passing legislation, writing new protocol, etc., only makes it more
difficult for spammers but ultimately a spammer will be able to easily
adapt to whatever environment they are forced to function in (wouldn't
you if your livelihood depended on it?) whether that involves more
heavily utilizing stolen accounts, viruses, or registering new domain
names regularly, spammers will adapt.

The one damning piece of evidence in every spam sent out is the content
itself which is why contextual analysis (especially when deployed
system-wide with a bit of networking groups in place) is far more
effective to resolving the spam issue than trying to convince the world
to rewrite SMTP.  Several filters have even gotten to the point where
they provide useful information to help ISPs conserve resources instead
of using them to fight spam.  I think 99.9% (1 in 1000 spams gets
through) is a pretty darn good (and realistic) statistic...if only all
ISPs filtered at the server level, we'd put spammers out of business.

Jonathan





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
----------------------------------------------------------------

There should be a way to stop the email spamming.  You could use their
weaknesses as a way to prevent spam.  The fact is that most SPAM is sent in
MASS quantities all at one time, or a very short interval.  If servers could
somehow have a "global awareness" of the activity of spammers this could be
prevented.  Take for instance Hotmail.  Millions of users have accounts
here.  Hotmail could "sense" a massive flood of "identical" content to
multiple users of their service and automatically label it as SPAM.  Of
course, the downside is legitimate mass mailings that are sent out everyday
from places like PC Magazine, Security Focus, and other opt-in mailing lists
would be flagged as well.  Unless, in a new email security protocol, they
implemented user specified WHITELISTS on email servers to allow legitimate
bulk emails (that otherwise would be flagged) to be let through.  A sort of
"Guilty until proven innocent" approach.  Just a thought... 

 
Kristian Hermansen
CEO - H&T Technology Solutions
khermansen () ht-technology com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html