[IP] Spammers Will Use Throwaway Domains

[Dave Farber <dave@farber.net>]

------ Forwarded Message
From: Meng Weng Wong <mengwong@dumbo.pobox.com>
Date: Wed, 11 Jun 2003 03:18:42 -0400
To: synthesis@videotron.ca
Cc: Dave Farber <dave@farber.net>, spf-discuss@v2.listbox.com,
rspier@pobox.com, johnl@iecc.com
Subject: Spammers Will Use Throwaway Domains

On Wed, Jun 11, 2003 at 02:16:54AM -0400, synthesis@videotron.ca wrote:
| 
| I read this then I read it again. Then I read it again. Then I wondered:
| "how will SPF solve spam from hotmail.com? "

With the exception of the latest spate of DAV trouble, most of the
spam that appears to be from hotmail.com isn't actually sent from
hotmail.com.  The fraction that is gets reported to abuse@hotmail.com
and hotmail.com takes the appropriate action.

I analyzed 6,810,374 unique deliveries over a two-month period whose
senders claimed to be from aol.com, hotmail.com, and yahoo.com.  Those
deliveries came from 1,885,248 distinct email senders.  I classified
those senders using statistical methods into 1,775,660 spammer
addresses and 109,588 nonspammer addresses.

Of the 1,775,660 addresses which my classifier decided were more
likely to be spammers than not-spammers, 4,188 actually originated
from aol, hotmail, or yahoo.  That is a statistically insignificant
number and reflects more on the imperfection of my classifier scheme
than anything else.  The classifier scheme is described at
http://dumbo.pobox.com/spam-sensor/.

Conclusion: aol, hotmail, and yahoo have successfully implemented
outbound antispam technology, eg. ways to that only humans sign up for
their accounts, and limits on per-account outbound message volume.

| "how will SPF stop someone from registering asdlfkslt12324349584.com,
| sending out a batch of spam...then losing the account and moving to
| asdlfkslt12324349585.com? "

This is a good question, and it is answered at

  http://spf.pobox.com/faq.html#noprevent

I just uploaded that file; if you didn't see it on your first pass
through the site, your eyes are not deceiving you :)

The short answer is, even if it's a throwaway domain, we can
eventually subpoena the registrar and track down the spammer, then
apply legal methods.

Thanks to the greater level of sender accountability, lawsuits may
begin against the spammers, and registrars may be subpoenaed for
domain owner information.  SPF makes administrative and legal methods
possible.

| "how will the non-spammers of videotron.ca react when someone uses a
| videotron.ca account and videotron.ca gets called a spam domain? "

videotron.ca is responsible for monitoring its outbound mail stream
and sensing suspicious activity.  most major ISPs do this already.

if the volume of spam decreases, legal and administrative approaches
become more effective; right now they are simply swamped.  if there
are only 10 spammers in the world, law enforcement can focus on
catching each one.  if there are 10,000 spammers, law enforcement
throws up its hands and says the problem is too big to tackle.

| 
| In short...I wonder... how will this possibly work?
| 

If SMTP were proposed today, would you raise the objection that it
would make it possible for "spammers" to send "unsolicited bulk
email"?  And would you then say " ... I wonder ... how will SMTP
possibly work when it allows such a thing as spam"?


------ End of Forwarded Message

-------------------------------------
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/