[Spambayes] RE: Yahoo's "domain keys" and spam
rmalayter at bai.org
Mon Dec 15 11:30:50 EST 2003
> i haven't found many technical reports on yahoo's plan, but i
> suspect that some of the failures in it are:
> 1) a paying (or thieving!) customer of XYZ-ISP sends spam,
> and it's "authenticated". this can happen either through a
> virus or a "make money at home with your computer!" scheme.
> 2) domain names and hosting are cheap. it would be a
> slight hurdle for spammers to register new domain names
> through ISPs and "hit & run" that server, ISP, domain name...
> depending on how the system is set up.
> 3) spam-houses that consider themselves to be legit will
> have no problem sending "authenticated" spam.
> so, the system will likely have the effect of not only
> blocking non-spam email, but giving a green light to a large
> volume of "authenticated" spam.
> which brings us back where we started... RBLs, filtering,
> etc... but with some added overhead to maintaining an SMTP server.

1) This is a problem, I agree. It might take some smarts on the part of the
virus/worm to figure out the victim's ISP and SMTP addresses, but it
could certainly be done.
This is something that ISPs should be responsible for preventing. ISPs
should already use snort or some other IDS to discover compromised PCs -
and then block those machines. Many already do, and it isn't a
ridiculous cost burden to place on ISPs, either.
2) and 3) could be addressed by blacklists, as you state. Except the
blacklist could be much more effective than current IP-based ones, even
at the organizational level. We would know that the originating domain
was not spoofed, and since there would be added cost to setting up a
spam operation (Domain registration and DNS setup), spammers couldn't
hop around as easily.