On Fri, Apr 08, 2005 at 03:18:23PM -0400, Bob Bell wrote:
> Isn't this scheme somewhat similar to SPF or DomainKeys?  At least to
> the degree that it attempts to validate the domain of the sender?

Yes.  It's been a while since I looked at either, so I'm not sure
about specific similarities and differences, but the ideas are pretty
similar.  I seem to recall that SPF has some serious limitations, but
I can't recall what those might be (though I suspect searching for
"problems with spf" or "spf limitations" would turn something useful
up).  I never really looked into DomainKeys in detail, but it probably
works more or less like I described.

> How would this work with all the compromised Windows machines out
> there?  Couldn't a spammer use such a network of compromised
> machines to send out emails through Outlook, etc.?  (This appears to
> be a problem with most anti-spam approaches)

There are, of course, those viruses which send themselves to everyone
in your address book, and use your ISP's servers to send the mail.
None of these schemes (including blocking the IP addresses of dynamic
customers) do anything to solve that problem.  As such, I'll exclude
that class of compromises from the rest of the discussion.

Aside from those, AFAIK, compromised Windows systems don't generally
use Outlook; they usually come with a small, basic SMTP engine bundled
into the malware.  I suspect they do it because sending lots of spam
through your ISP's servers is likely to get your account terminated,
shutting down that channel for delivering spam.  Blocking mail from
these nodes might help, but probably not...  At least not for long.
As more and more ISPs block these addresses, the spammers will simply
find other attack vectors.  They always do.  These could include
setting up new, temporary open relays, attacking valid servers, etc.

Ultimately, as I've said many times before, there is no method of
fighting spam which will be truly effective.  The best you can do is
let the client deal with it by running SpamAssassin or similar.  The
only way to put a stop to the spam problem is to make it unprofitable
for the so-called "advertiser", by fining offenders a substantial amount
per individual spam message, and jail time for people who facilitate
spam.  But GW made sure that'll never happen with the bogus anti-spam
bill...

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.
