Re: OT: newsgroup SPAM
- From: "Richard B. Gilbert" <rgilbert88@xxxxxxxxxxx>
- Date: Sat, 07 Feb 2009 09:24:17 -0500
johnwallace4@xxxxxxxxxxx wrote:
On Feb 6, 1:00 pm, Neil Rieck <n.ri...@xxxxxxxxxxxx> wrote:Has anyone noticed that SPAM hitting this news group comes from GMAIL?
Wasn't someone working on a microcent postage scheme to throttle the
volume of SPAM? And aside from a little advertising, what business
model is being used by companies who allow the quick creation and use
of email boxes?
http://en.wikipedia.org/wiki/Penny_Black_(research_project)
Neil Rieck
Kitchener/Waterloo/Cambridge,
Ontario, Canada.http://www3.sympatico.ca/n.rieck/
I remember the microcent pricing stuff too but both that and the
suggestion of blocking the default SMTP port at ISP level and/or
requiring authenticated SMTP, which would at first glance seem likely
to reduce spam levels, seem to have fallen on deaf ears, for reasons I
can't recall.
Anyway, do you actually need an email account/address to *send* spam?
Isn't any "from" address in spam likely to be trivially faked? I
thought a lot of spam came from compromised Windows boxes in homes or
offices, using a simple SMTP sender dropped as part of the malware
payload, also including some kind of "remote control" mechanism for
setting up the outgoing mail contents and distribution list? Then the
only need for a valid email account/address in typical current setups
is if the spammer wants email replies, surely (which isn't always the
case)?
For example, a typical "phishing" spam to attract people to a website
wouldn't need a real "from" address or a real "reply to" address,
they'd just need to *look* like real addresses (which, as I found out
many years ago when I sent a colleague an email with the MD's email as
the "from" address, is absolutely trivial)?
I happily admit that I don't fully understand the typical SMTP/email
setup, I'm not sure exactly how spam would get from a compromised PC
to (for example) my email account(s); something to do with DNS MX
records and all that, iirc, but it's all a bit vague.
Quite why anybody places any trust in or value on an email mechanism
which hasn't really changed since the era of the teletype and has no
pretence of built in authentication or tamper-resistance is a bit
beyond me, but X.400 email (which addresses most of the underlying
problems) doesn't seem fashionable any more (except perhaps within the
military?).
Why? It's cheap and trivially easy! Before I retired, I DID warn my users not to put anything in e-mail that they would not wish to see on the front page of the New York Times.
I get the Nigerian/401 scam almost daily. I just flush them.
I see no reason not to exchange e-mail with family and friends.
.
- References:
- OT: newsgroup SPAM
- From: Neil Rieck
- Re: OT: newsgroup SPAM
- From: johnwallace4
- OT: newsgroup SPAM
- Prev by Date: Re: Obtaining IA64/ELF Image Ident from DCL
- Next by Date: Re: OT: newsgroup SPAM
- Previous by thread: Re: OT: newsgroup SPAM
- Next by thread: Re: OT: newsgroup SPAM
- Index(es):
Relevant Pages
|
