North American Network Operators Group

Re: IBM to offer service to bounce unwanted e-mail back to the

  • From: Rich Kulawiec
  • Date: Thu Mar 24 12:02:19 2005

> If FairUCE can't verify sender identity, then it goes into  
> challenge-response mode, sending a challenge email to the sender, 

Let me rephrase that more accurately:

	"...spamming everyone who has been so unfortunate as to
	have their address forged into a mail message..."

Challenges thus issued are unsolicited: the challenged party had
absolutely nothing to do with the inbound mail message.

If such a system is used in production, then challenges will,
inevitably, be sent in bulk.

I trust it's clear that these challenges are email.

"unsolicited bulk email", or UBE, is the canonical and only correct
definition of [SMTP] spam.

So not only does FairUCE ignore a fundamental principle of competent
anti-spam defense (e.g. "do not generate still more junk mail traffic
at a time when we are drowning in junk mail traffic") it does so by
generating outbound spam.

How very nice.

See, BTW, for some background info:

	http://www.techzoom.net/paper-mailbomb.asp

which discusses similar issues.  (Thanks to Bruce Gingery for pointing
this out.)


Beyond that, as Lycos Europe has already belatedly figured out,
attempts to strike back at spammers which presume (as FairUCE naively
does) that spammers themselves will not rapidly deploy effective
countermeasures are doomed to fail and, in all probability, doomed
to abuse innocent third parties.  This is why responsible anti-spam
techniques do not even *attempt* to fight abuse with abuse. 


I suggest further discussion be moved to Spam-L (a) before NANOG is
overrun with it again and (b) because the most anti-spam experts
and other interested parties may primarily be found there, not
here -- and extensive discussion of this particular issue is
already in progress anyway.

---Rsk