North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Spammers Skirt IP Authentication Attempts
On Wed, 2004-09-08 at 09:59, Paul Vixie wrote: > [email protected] (vijay gill) writes: > > > ... That means that if I do get a mail purporting to be from citi from > > randomgibberish, I can junk it without hesitation. > > agreed, that is what it means. > > however, and this is the important part so everybody please pay attention, > if you can junk something "without hesitation," then spammers will stop > sending that kind of "something." they make their money on clickthroughs, > final sales, and referrals, which translates to one thing and one thing > only: "volume." if the way to keep their volume up means "put SPF metadata > in for the domains they use" or even just "stop forging mail from domains > that have SPF metadata" then that is exactly what they will do. guaranteed. > > there's a bet here. you could bet that by closing off this avenue, SPF will > force spammers to use other methods that are more easily detected/filtered, > and that if you play this cat&mouse game long enough, it will drive the cost > of spam so high (or drive the volume benefit so low) that it'll just die out. > > i lost that bet during my MAPS years. your mileage may vary, but to me, SPF > is just a way to rearrange the deck chairs on the Titanic. we won't have > decent interpersonal batch digital communications again before whitelists; > everything we do in the mean time is just a way to prove that to the public > so they'll be willing to live with the high cost of fully distributing trust. The first step along this path is to ensure a means of obtaining a name that can be used to establish a history of use. Neither SPF or Sender-ID provides a domain name without making unverifiable assumptions of the mail channel integrity. The CSV proposal, now in the MARID group, provides a means of obtaining both an authenticated and authorized name useful for establishing a history without the high overhead associated with tracking addresses. SPF and Sender-ID expect the recipient to expend perhaps hundreds of DNS queries and execute complex macros that are seemingly designed to hide the scope of the outbound SMTP addresses, where a single wildcard record and random sub-domains will devour the recipient's resolver. Neither Sender-ID nor SPF stop the citibank.com spoofing, as the last header checked is the RFC2822 From. Spoofers only need to employ a few simple tricks, and the phishing continues, but now with a receiving MTA burning more than twice the network and iron. Sender-ID seems to be a means of injecting Microsoft IPR and to place a foot in the door to allow never-ending feature creep and DNS bloat. -Doug
|