North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Yet another address harvesting analysis idea

  • From: Michael.Dillon
  • Date: Mon Sep 29 05:17:08 2003

>Supposedly if you put a newly installed, unpatched Windows box on the 
'net,
>with an Outlook address book full of fresh spamtrap addresses, you'll 
start
>getting spam to those addresses in something like 3 hours. 

And if you buy a recently expired domain name and set up an SMTP server
for it, then you will receive incoming email for quite a long period of
time. Each one of those messages will have valid From and CC email 
addresses
that you could collect.

In order to truly secure the net against spammers we would need to secure
both the email system and the DNS system. I use the word "system" in the
context of General Systems Theory, to refer to everything connected with
the transport of email across the Internet including the users, their
interfaces, the MUAs, the MTAs and the protocols. Similarly for DNS, I
include things like the domain name registries and registrars and their
policies.

Bandaid fixes only buy time, they don't fix the problem.

--Michael Dillon

P.S. ASRG is a good idea because it is systematically collecting and
validating a lot of what we know about spam to make it easier for 
decision makers to understand the issues. 
http://www.irtf.org/asrg/