Guest Paracelsus

The End of Spam as We Know It!!!...


nlinecomputers

Ed, it is not intended to stop that. SPF is only to stop joe-jobbing and spoofing. It is NOT a replacement for other forms of spam checking. As for throwaway domains, which is the method you describe, I will quote from the SPF FAQ.

SPF doesn't really STOP spam, does it?

We've heard the complaints -- Spammers can always get throwaway domains, etc.

At a high level, the answer is that we're moving from one paradigm to another: from "assumed innocent until proven guilty" to "assumed guilty unless proven innocent". The Aspen Framework brings two important tools to bear: reputation and accreditation. (A cartoon guide is available.)

We agree that throwaway domains will be the next step in the arms race. We can counter with:

1. fast automated blacklisting using spamtraps and attack detectors
2. simple reputation systems based on factors such as
   * age of domain according to whois
   * email profile of domain, eg. "too many unknown recipients"
   * call-back tests to see if the sender domain is able to receive mail.
   The reputation system can advise a receiving MTA to defer or reject.
3. legal methods following the paper trail of who paid for the domain.

Here's an example of automated blacklisting in action:

1. A spammer spams.
   * The spam comes from an SPF-conformant domain.
     o That domain is on a widely published sender-domain blacklist.
       + The MTA rejects the message.
     o That domain is a throwaway, just-registered domain, and does not yet appear on blacklists.
       1. The spam gets accepted by unsophisticated MTAs which do not use other traffic-analysis methods to impose a crude reputation system on unrecognized senders.
       2. The spam also gets accepted by automated spamtraps.
       3. The spamtraps add the domain to the blacklist.
       4. (advanced) Some time later, the user checks email. Immediately before the display phase, the MUA re-tests the message against the blacklists, and discards it.
       5. Thanks to the greater level of sender accountability, lawsuits may begin against the spammers, and registrars may be subpoenaed for domain owner information. SPF strengthens administrative and legal methods.
   * The spam comes from a non-SPF-conformant domain.
     o Initially,
       1. Most legitimate mail will fall into this category.
       2. Normal content filters get to do their job.
       3. The usual false-positive/false-negative results apply.
     o Later,
       + Most legitimate mail will be SPF-conformant.
       + Some legitimate mail will not be SPF-conformant.
       + SPF-conformant receivers SHOULD receive non-conformant mail but MAY choose to perform additional filtering on it.
2. Eventually, as SMTP improves its immunity to spam, we hope spammers will get discouraged. If the volume of spam decreases, legal and administrative approaches become more effective; right now they are simply swamped. If there are only 10 spammers in the world, law enforcement can focus on catching each one. If there are 10,000 spammers, law enforcement throws up its hands, calls it a societal problem, and says it doesn't have enough resources to tackle it.
   * The spam domain was registered with a domain registrar.
   * If the registrar is cooperative, we can find out from the registrar who the spammer was; and the registrar can stop accepting their registrations.
   * If the registrar is uncooperative, or if a spammer buys and runs a registrar, we can default-blacklist all their domains, in a political move similar to SPEWS's approach.
   * Alternatively, since spam is becoming increasingly illegal, we can subpoena the registrar to find out who registered the domain, and sue the spammer directly.
   * If the spammer registered the domain using false information, we can still go back to the credit card.
   * If the credit card was stolen, that's a crime which can be addressed using traditional means.

(20040702) Scott Kitterman has posted a suggested refinement to the above plan.

The whole FAQ is at http://spf.pobox.com/faq

You guys should really RTFWS. Trust me, there isn't anything you guys have thought of that we haven't covered.
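
The blacklisting flow quoted from the SPF FAQ in the post above, as an added example that is not part of the original post and not code from the SPF project. The thresholds, class and function names, and the `.example` domains are assumptions made for illustration; the FAQ names the reputation factors but gives no values.

```python
from dataclasses import dataclass

# Assumed thresholds for illustration; the FAQ names the factors, not the values.
MIN_AGE_DAYS = 30
MAX_UNKNOWN_RCPT = 0.5

@dataclass
class Sender:
    domain: str
    spf_pass: bool        # connecting IP is authorised by the domain's SPF record
    age_days: int         # age of domain according to whois
    unknown_rcpt: float   # fraction of recipients that do not exist
    callback_ok: bool     # sender domain is able to receive mail

class Receiver:
    def __init__(self, blacklist, use_reputation):
        self.blacklist = blacklist            # shared sender-domain blacklist
        self.use_reputation = use_reputation  # False models the "unsophisticated MTA"

    def smtp_decision(self, s):
        if not s.spf_pass:
            return "content-filter"  # non-conformant mail: normal filters do their job
        if s.domain in self.blacklist:
            return "reject"
        reputable = (s.age_days >= MIN_AGE_DAYS and s.callback_ok
                     and s.unknown_rcpt <= MAX_UNKNOWN_RCPT)
        if self.use_reputation and not reputable:
            return "defer"
        return "accept"

    def display_decision(self, s):
        # MUA re-test against the blacklist immediately before display
        return "discard" if s.spf_pass and s.domain in self.blacklist else "show"

def spamtrap_hit(blacklist, s):
    # Blame the domain only when SPF passed; a forged (joe-jobbed) domain is the victim.
    if s.spf_pass:
        blacklist.add(s.domain)

def walkthrough():
    shared = set()
    naive, careful = Receiver(shared, False), Receiver(shared, True)
    throwaway = Sender("throwaway.example", True, 1, 0.8, False)  # constructed sample
    forged = Sender("victim.example", False, 3000, 0.0, True)     # constructed sample
    steps = [naive.smtp_decision(throwaway), careful.smtp_decision(throwaway)]
    spamtrap_hit(shared, throwaway)
    spamtrap_hit(shared, forged)
    steps += [naive.display_decision(throwaway), careful.smtp_decision(throwaway),
              careful.smtp_decision(forged)]
    return steps, shared

if __name__ == "__main__":
    print(walkthrough())
```

The forged sender never reaches the blacklist, which is the point made in the post: SPF addresses joe-jobbing and spoofing, and the blacklist, reputation checks and content filters do the spam checking.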

Ed_P
SPF is only to stop joe-jobbing and spoofing. It is NOT a replacement for other forms of spam checking.
Oh. I was going by the thread's title. Thanks for clearing things up for me, yet again. ;)
You guys should really RTFWS. Trust me there isn't anything you guys have thought of that we haven't covered.
"WS"? "we"!? Aren't Scot and Fred and other newsletter authors against blacklists of any kind?

nlinecomputers

RTFWS

Read the fine web site.

Yes, many people oppose blacklists. I don't like them if they aren't well run. If you check the links above you'll find there are whitelists as well, so newsletters can use them to get through. I personally don't get much spam that gets through. SpamAssassin uses Bayesian filters and blacklists to check mail. The new version even cross-checks links IN the email to known spam websites.

Freddy

A little interesting reading:

- http://www.neowin.net/comments.php?id=2380...ry=main#comment <http://www.neowin.net/comments.php?id=23803&category=main>
02 Sep 2004

"Apache (has) written an open letter to the IETF regarding the Sender ID proposal. Sender ID is a technology designed to reduce spam on the internet. Although well designed and a technology that could do a serious amount towards reducing spam, the proposal is tied up with patent problems. Who’s the prime culprit? Your favourite vendor, Microsoft.

"The current Microsoft Royalty-Free Sender ID Patent License Agreement terms are a barrier to any ASF project which wants to implement Sender ID. We believe the current license is generally incompatible with open source, contrary to the practice of open Internet standards, and specifically incompatible with the Apache License 2.0. Therefore, we will not implement or deploy Sender ID under the current license terms."

The decision lays out the position for not just Apache, but SpamAssassin and JAMES. SpamAssassin is a major tool for server administrators attempting to stop spam, and is deployed worldwide. The Apache decision highlights the view of the majority of the Open Source community. Although Microsoft (is) offering the technology "royalty free", the way they have constructed the license makes it impossible to fuse Sender ID with open source / license technologies..."

- <http://apache.org/foundation/docs/sender-id-position.html>

IETF Disbands Anti-Spam Working Group
- <http://www.techweb.com/article/printableArticle.jhtml?articleID=47902431&site_section=700028>
September 23, 2004

"The Internet Engineering Task Force has disbanded its working group tackling spam, saying it was deadlocked, in part, over troubles related to Microsoft Corp.'s Sender ID proposal.

The decision, announced in an e-mail this week to the MADRID group by co-area director Ted Hardie, left in limbo industry efforts to develop a single standard for authenticating senders of e-mail, a process that would make it more difficult for spammers to disguise the origin of their inbox-clogging, annoying messages...the group has failed to reach a consensus on one anti-spam technology, blaming the logjam, in part, "by the need to evaluate IPR (intellectual property rights) and licensing related to at least one proposal," an apparent reference to Sender ID...With so much disagreement over the technology needed to beat back spam, it appears the industry is headed for fragmentation, rather than a single standard..."

Marsden11

It's all moot for the time being...

nlinecomputers

What is? SPF? SPF != SenderID. SPF was to be included as part of SenderID along with what Microsoft called "CallerID", but SPF's portion is technically separate and the standard is open source. SPF is already used in Apache's SpamAssassin, in Sendmail, in Postfix and many other MTAs and POP/IMAP servers. The only one that isn't using it, officially, is Exchange. But there are 3rd-party hacks to address that.
