To: WSFAlist at keithlynch.net
Date: Fri, 21 Jun 2002 16:05:31 -0400
Subject: [WSFA] spam, spam, and more spam
From: ronkean at juno.com
Reply-To: WSFA members <WSFAlist at keithlynch.net>

On Fri, 21 Jun 2002 10:09:49 -0400 Steve Smith <sgs at aginc.net> writes:

> Another item is the way e-mail is handled by the relay.  What it
> gets is a message and a list of addresses.  It duplicates the message
> and sends it to every address on the list.  So you only send a spam
> message once, along with as many addresses as your relay will let you
> get away with (thousands or, for a big system, millions).  There is
> also no necessary connection between the address list and the message
> headers.  Once the spam gets into the system, it's indistinguishable
> from any other e-mail.
>

So putting parsers on the backbone which look for messages cc'd to more
than 100 addresses would not help catch spam, since the spam would
usually be blind cc'd.

> Perhaps mail servers should do some cross checking, like making
> sure that the e-mail is really coming from where the headers say it is.
> Problems are 1) open relays are by definition misconfigured anyway,
> and 2) Big systems handle *a lot* of e-mail.  Even a small amount of
> extra processing per message is a significant load.  There's all kinds
> of things that *could* be done; unfortunately, it all depends on people
> with broken systems fixing them.
>

Keith said a forged header can be read to determine where the message
really came from, but perhaps he meant that only the correct domain of
origin can be ascertained, not the user name or account ID of the actual
sender.  If the actual individual sender cannot be identified when the
header is forged, then I suppose there is no way that a parser on the
backbone could keep track of the number of messages sent by an individual
sender.

Ron Kean
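
The point in the quoted text above, that the relay's address list (the SMTP envelope) has no necessary connection to the message headers, as an added example that is not part of the original message: it applies the same recipient-count check to the To/Cc headers and to the envelope. The addresses, sample transactions and function names are constructed for illustration; the threshold of 100 is the figure from the message.

```python
from email import message_from_string
from email.utils import getaddresses

THRESHOLD = 100  # figure used in the message above

def header_recipients(raw_message):
    """Addresses a content parser can see in the To/Cc headers."""
    msg = message_from_string(raw_message)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    # An empty group such as "undisclosed-recipients:;" yields no address.
    return [addr for _name, addr in getaddresses(fields) if addr]

def envelope_recipients(smtp_commands):
    """Addresses the relay was actually told to deliver to (RCPT TO)."""
    rcpts = []
    for line in smtp_commands:
        verb, _, arg = line.partition(":")
        if verb.strip().upper() == "RCPT TO" and arg.strip():
            rcpts.append(arg.strip().split()[0].strip("<>"))
    return rcpts

def check(smtp_commands, raw_message):
    """Apply the same threshold to the headers and to the envelope."""
    h = len(header_recipients(raw_message))
    e = len(envelope_recipients(smtp_commands))
    return {"header_count": h, "envelope_count": e,
            "header_flag": h > THRESHOLD, "envelope_flag": e > THRESHOLD}

def make_case(n, visible):
    """Constructed sample: n envelope recipients, listed in To only if visible."""
    addrs = [f"user{i}@recipient.example" for i in range(n)]
    commands = ["MAIL FROM:<bulk@sender.example>"]
    commands += [f"RCPT TO:<{a}>" for a in addrs]
    to_value = ", ".join(addrs) if visible else "undisclosed-recipients:;"
    message = ("From: Someone <someone@other.example>\r\n"
               f"To: {to_value}\r\n"
               "Subject: constructed sample\r\n\r\nbody\r\n")
    return commands, message

if __name__ == "__main__":
    for label, visible in (("recipients listed", True), ("blind copies", False)):
        print(label, check(*make_case(500, visible)))
```

Only a system that handles the SMTP transaction itself sees the RCPT TO list; anything that inspects the delivered message text alone sees the header count.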
