[linux-elitists] paul graham on spam

Karsten M. Self kmself@ix.netcom.com
Fri Apr 2 13:47:32 PST 2004


on Fri, Apr 02, 2004 at 03:46:44PM -0500, Aaron Sherman (ajs@ajs.com) wrote:
> On Thu, 2004-04-01 at 15:14, Karsten M. Self wrote:
> 
> >   - There's the bandwidth suckage at the behest of spammers.  Depending
> >     on how your system is configured.  Essentially you're allowing
> >     someone to request arbitrary bandwidth from you via email request.
> 
> You're also requesting CPU and memory resources from the target, which
> could be interesting. I'd have to sit down and think real hard about how
> you could offload processing through email by peppering links into text
> in specific ways... Proving that this is Turing complete would be a fun
> task.
> 
> I can just see the RC5-72 attempts now ;-)
> 
> Any notion of "punishment" seems to me to be abusable. After all, if you
> know where there sites are, you can just DDoS them if you want and
> you'll always recognize their spam. If you don't know then you have to
> build that knowledge somehow, and any such technique is probably
> subvertable.

What are typically known are spam-related domains and/or IP blocks.  But
not specific pages within these target ranges.

There's a related issue of spammers "bouncing" from other services.  I
got a recent tobacco spam which pointed to a Geocities page.  *That*
page pointed to a second website, hosted by ev1.com (yes, the SCO
licensee).  So FFB would have pounded Geocities, in a naive attack.

The story behind that spam is slightly more interesting.  I forwarded it
to a list of state AG offices known email addresses.  Got a mail back
from the tobacco enforcement deputy in Delaware asking just what he
ought to be doing about spam advertising to UK customers.

I pointed out that the text was "the UK _or anywhere else_" (my
emphasis).   Spam was received in CA, forwarded to Delaware (among
others).  Geocities is owned by Yahoo, HQ in Sunnyvale, CA.  EV1 is
based in Houston, TX.  The owner of that site is registered in Spain.

Raises some interesting cross-jurisdictional issues.


> However, the fact that people are thinking this way IS interesting. It
> means we're starting to get serious enough that hard resources might
> get dedicated soon. SPF (or its like) + establishing trust per-domain
> would eliminate the problem of spam, and the only reason we don't do
> it is the lack of collective will to STOP getting mail from those we
> do not trust (or who are not within some local web of trust). The
> software is trivial to write and can be proved, but that doesn't mean
> anyone will use it.

It would help combat.

I've also had a recent conversation with a clued individual at Earthlink
about the internal politics of, say, CCTLD or ASN-based blocking of
massive spam sources.  I'll be providing data on my own showing my own
experience.


> It's kind of like having accidents all the time because 10% of the
> drivers never learned to drive. You can have the ABILITY to issue
> drivers' licenses, but until you do AND you don't allow unlicensed
> folks on your highways, you get accidents.

Governance == Rules + Enforcement + Adjudication + Penalties.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
  Backgrounder on the Caldera/SCO vs. IBM and Linux dispute.
      http://sco.iwethey.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20040402/ffdc4581/attachment.pgp 


More information about the linux-elitists mailing list