Posted by: Anonymous Coward
on August 27, 2004 04:14 AM
What really burns me up is that there is no analysis of the spam problem that comes along with sender-ID - sender-ID is the solution for a problem that is left undescribed.
It's been widely reported with about 80% of spam uses forged headers. Several people and groups have published their own analysis, all with similar results. The majority of spam uses faked sender and header information.
When do you ever see any analysis on what can be done if the problem is approached from the abuse standpoint rather than from the false sender standpoint? Never [...]
Spamhaus has, for quite some time, done analysis of how much spam originates from a small group of spammers abusing the system.
Recently, AOL, Earthlink, Microsoft and other have filed many lawsuits against these abusive individuals. The FCC (with the DMA's money funding much of the work) is in the process of bringing criminal charges against spammers. The law is a slow process, but analysis has been done and work is in process to stop the abuse at the source.
If the ISPs are finally going to develop and follow some best practices I suggest they start with a dual-goal first step: detect abuse in their own space and report it back to the ISP that is in charge of the IP address of the apparent source.
Again, things are beginning to change here too. Until recently, rivals AOL, Microsoft, Earthlink and others did not cooperate. Only months ago, they finally published a concensus of best practices. Recently, even Comcast has started contacting customes whose machines have been turned into zombies.
A lot of work is being done on a lot of fronts to combat the spam problem. Maybe it will eventually help, maybe not. But just because spam has only increased (perhaps as fast as it would have in the absence of any efforts, perhaps not)... there is no justification to rant that nothing is being done other than sender authentication. Many people, organizations and companies are working on many approaches.
Learn about Linux
Download Linux
Get Linux help
Re:Fight the abuse to fight spam
Posted by: Anonymous Coward on August 27, 2004 04:14 AMIt's been widely reported with about 80% of spam uses forged headers. Several people and groups have published their own analysis, all with similar results. The majority of spam uses faked sender and header information.
When do you ever see any analysis on what can be done if the problem is approached from the abuse standpoint rather than from the false sender standpoint? Never [...]
Spamhaus has, for quite some time, done analysis of how much spam originates from a small group of spammers abusing the system.
Recently, AOL, Earthlink, Microsoft and other have filed many lawsuits against these abusive individuals. The FCC (with the DMA's money funding much of the work) is in the process of bringing criminal charges against spammers. The law is a slow process, but analysis has been done and work is in process to stop the abuse at the source.
If the ISPs are finally going to develop and follow some best practices I suggest they start with a dual-goal first step: detect abuse in their own space and report it back to the ISP that is in charge of the IP address of the apparent source.
Again, things are beginning to change here too. Until recently, rivals AOL, Microsoft, Earthlink and others did not cooperate. Only months ago, they finally published a concensus of best practices. Recently, even Comcast has started contacting customes whose machines have been turned into zombies.
A lot of work is being done on a lot of fronts to combat the spam problem. Maybe it will eventually help, maybe not. But just because spam has only increased (perhaps as fast as it would have in the absence of any efforts, perhaps not)... there is no justification to rant that nothing is being done other than sender authentication. Many people, organizations and companies are working on many approaches.
#