Text 556, 239 lines
Written 2004-09-12 13:10:02 by Rich (1:379/45)
Comment on text 554 by Geo. (1:379/45)
Subject: Re: Spammers faster than the good guys....
==================================================
From: "Rich" <@>
Again you make this silly suggestion. Why would a spammer do something like
this that provides a traceable record that is a legal liability for them?
They should just as easily have no MX record or an MX record that points to
an invalid IP. Both of which have the same effect of mail to their domain not
being deliverable which is all you claim they want. It's one thing to create
a liability by spammer for which they derive revenue. It's another to create
one which provides liability only.

Rich

"Geo." <georger@nls.net> wrote in message news:4144a563$1@w3.nls.net...

"John Beckett" <FirstnameSurname@compuserve.com.omit> wrote in message
news:4144309b.40375046@216.144.1.254...

> However, no one has given any hint of a reason why SPF won't reduce a lot
> of back-scatter.

Ok you want it explained, I can do that.

What is the reason backscatter exists? I mean why don't spammers use domains
from their unlimited supply of domains instead of pretending to be from mike's
domain?

The reason is simple, many email servers have to accept an email for delivery
before they can run a spam filter on it. And for some reason many, once they
run a filter on it and decide it's spam they try to return it to the source
instead of just deleting it.

Now the spammers want to know if an address doesn't exist so they can keep
their lists up to date, but when a filter blocks spam that tells them nothing
about if the address exists or not so there is no value in accepting these
returns. In fact it's a waste of their bandwidth and cpu to even try to deal
with backscatter.

So they spam in a way that someone else has to deal with it. Up until SPF that
was quite simple, they just use a different domain name for the FROM address.

Ok now along comes SPF, what do you think the spammers are going to accept
their own backscatter now? Hardly, all they are going to do is set the SPF
record for their domain to point to the source of their spam so it's accepted
like before and then set the MX record to point to some mail server where they
can dump the backscatter. It's like hardly any extra work for them to do this
and all it costs them is a few DNS queries to DNS servers that are probably
hosted on compromised machines anyway.

What I'm saying is if SPF reaches a level of acceptance that it actually has an
annoyance factor to the spammers, they can make a simple change to their
methods and SPF becomes meaningless as far as a solution for backscatter.

Here this is how difficult it is:

Entries for a domain bytemyshorts.info

txt record "v=spf1 ip4:1.1.1.1/1 ~all"
MX records point to
131.107.3.125
131.107.3.124
131.107.3.122
131.107.3.123
131.107.3.126
131.107.3.121

Ok I just defined half the planet as a possible source for my spam so using all
my compromised hosts will be no problem and all my bounces are going back to
microsoft's mail servers just like I had used an @microsoft.com return email
address.

I can make the same entries for bytemyshorts1.info
thru bytemyshorts1000000.info

Now what protection has SPF provided for Microsoft? All I see is that it
protects the name "microsoft.com". It's a copyright/trademark protection
mechanism for high value domains and not much else. Nobody else can use
microsoft.com but beyond that it provides no significant protection of the
email system.

Geo.

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
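
Added example, not part of either poster's message: a receiver-side check of how much IPv4 space an SPF record's `ip4:` mechanisms authorize, run on the record quoted in the message above, so that a "pass" from such a record can be discounted. The function names and the /8 threshold are assumptions of this sketch, and `include:`, `a` and `mx` mechanisms are not resolved because it runs offline.

```python
import ipaddress

# Assumption for this example: a policy authorizing more than a /8 worth
# of IPv4 addresses is treated as too broad for a "pass" to mean anything.
MAX_AUTHORIZED = 2 ** 24

def ip4_networks(record):
    """Networks named by passing ip4: mechanisms in an SPF v1 record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    nets = []
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if qualifier == "+" and term.lower().startswith("ip4:"):
            # strict=False: host bits may be set, as in 1.1.1.1/1
            nets.append(ipaddress.ip_network(term[4:], strict=False))
    return nets

def authorized_count(record):
    """Number of distinct IPv4 addresses the record lets send mail."""
    merged = ipaddress.collapse_addresses(ip4_networks(record))
    return sum(net.num_addresses for net in merged)

def audit(record):
    """Return findings that make an SPF pass for this record weak evidence."""
    findings = []
    count = authorized_count(record)
    if count > MAX_AUTHORIZED:
        share = 100.0 * count / 2 ** 32
        findings.append("ip4 mechanisms authorize %.1f%% of IPv4 space" % share)
    if any(t.lower() in ("all", "+all") for t in record.split()[1:]):
        findings.append("'all' with pass qualifier authorizes every sender")
    return findings

if __name__ == "__main__":
    quoted = "v=spf1 ip4:1.1.1.1/1 ~all"          # record from the message
    narrow = "v=spf1 ip4:192.0.2.0/24 -all"       # constructed sample
    for rec in (quoted, narrow):
        print(rec, "->", authorized_count(rec), audit(rec))
```
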