[Mimedefang] OT but interesting hopefully - Spammers embrace email authentication
Jeff Rife
mimedefang at nabs.net
Tue Sep 7 19:56:05 EDT 2004

On 7 Sep 2004 at 15:06, Kelson wrote:
> > They aren't quick enough. "Throwaway domain" now means "lifetime of
> > several hours".
>
> My logs say otherwise: 88% of messages that SpamAssassin labeled this
> week have included SURBL hits.
>
> At least for websites, they seem to be fast enough.

Today they aren't *too* bad, but most of what you are seeing are *very*
"old" domains that just keep up the SPAM attack. In the future,
though, it'll get worse as more and more servers think a good SPF
record but no listing on a blacklist means "OK". As that happens,
expect even faster turnaround on domain names.

> Meanwhile, spammers have to buy multiple domain names every day. I
> wonder how much overhead that adds?

Less than $5 per domain, I suspect. That's easily paid for by just
*one* extra taker on the SPAM. And, if it's some sort of fraud
(Nigerian scams, etc.), then one extra taker is worth *hundreds* of
domains.

> > SpamAssassin has tests for bad Message-IDs, Message-IDs added by a
> > relay, "Received" headers that don't look kosher, MUA identifiers that
> > aren't right, etc. They don't catch everything, but they often add
> > enough score to push things into the "just discard it" category.
>
> How does that help if the message-IDs, MUA IDs, etc. all look valid?

The point is that they *don't* because they *aren't*. You can do what
you want to fake "Received" headers, but my server knows who you really
are, and adds enough info to allow SpamAssassin to figure out that the
trail is fake. Same with Message-IDs when SA can figure out the MTAs
being used.
--
Jeff Rife | "Only one human captain has ever survived battle
SPAM bait: | with a Minbari fleet...he is behind me...you are
AskDOJ at usdoj.gov | in front of me. If you value your lives,
spam at ftc.gov | be somewhere else."
| -- Ambassador Delenn, 2260
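
An added example, not part of the original post and not SpamAssassin or MIMEDefang code: it splits the Received trail at the header the receiving server wrote itself, which is the one record of the peer the sender cannot alter, and tests the sender-supplied headers below it for consistency. The hostname mx.example.net, the sample message, the Postfix-style header layout and the hop-matching heuristic are assumptions made for illustration.

```python
import re
from email import message_from_string

OUR_MX = "mx.example.net"  # assumption: the name our own MX writes after "by"

# Constructed message. Only the top Received line was written by our MX;
# the two below it arrived inside the message and are the sender's to invent.
SAMPLE = """\
Received: from mail.bigbank.example (unknown [203.0.113.77])
\tby mx.example.net with ESMTP id ABC123; Tue, 7 Sep 2004 19:50:01 -0400
Received: from internal.bigbank.example ([10.1.2.3])
\tby mail.bigbank.example with SMTP; Tue, 7 Sep 2004 19:49:58 -0400
Received: from desk.example.org ([192.0.2.10])
\tby relay.example.org with SMTP; Tue, 7 Sep 2004 19:49:50 -0400
From: support@bigbank.example
Subject: constructed test message

body
"""

# "from <helo> ([<rdns> ][<ip>]) by <host>", the layout assumed for this example.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def parse_hops(raw):
    """Return the Received hops, newest first, as dicts: helo, rdns, ip, by."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return hops

def check_trail(raw, our_mx=OUR_MX):
    """Split the trail at our MX's own header and test the part below it."""
    hops = parse_hops(raw)
    idx = next((i for i, h in enumerate(hops) if h["by"] == our_mx), None)
    if idx is None:
        return {"peer_ip": None, "findings": ["no header written by our MX"]}
    edge, findings = hops[idx], []
    if edge["rdns"] in (None, "unknown"):
        findings.append("connecting peer has no reverse DNS")
    newer = edge
    for older in hops[idx + 1:]:  # everything from here down is sender-supplied
        if older["by"] == our_mx:
            findings.append("sender-supplied header claims to be from our MX")
        elif older["by"] != newer["helo"]:
            # Heuristic: a hop's receiver should introduce itself on the next hop up.
            findings.append(f"break: {older['by']} -> {newer['helo']}")
        newer = older
    return {"peer_ip": edge["ip"], "findings": findings}
```

Each finding is meant to contribute to a score, as in the post, not to reject a message on its own; legitimate relays do not always use matching HELO and "by" names.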