[Asrg] Spam profitability analysis and countermeasures
sam bledsoe
samble at sdf.lonestar.org
Wed Apr 25 15:49:00 EDT 2007
On Wed, 25 Apr 2007, Douglas Otis wrote:
> Date: Wed, 25 Apr 2007 12:24:52 -0700
> From: Douglas Otis <dotis at mail-abuse.org>
> Reply-To: Anti-Spam Research Group - IRTF <asrg at ietf.org>
> To: Anti-Spam Research Group - IRTF <asrg at ietf.org>
> Subject: Re: [Asrg] Spam profitability analysis and countermeasures
>
>
> On Apr 25, 2007, at 10:55 AM, Chris Lewis wrote:
>
>> Matthias Leisi wrote:
>>
>>> Further, given that botnets can be in the tens of thousands of members,
>>> it's easy for the botnet operator to initiate counter-attacks if the
>>> number, "click-rate" and aggregated bandwidth of spam-recipients does not
>>> outnumber the botnet operator's resources by an order of a magnitude.
>>
>> We must _not_ forget the Blue Frog lesson:
>>
>> http://en.wikipedia.org/wiki/Blue_Frog
Hi Matthias and others. Part of the concept is that spammers aren't
necessarily the root of the problem. I see it as analogous to the
illegal immigrant worker problem - the immigrants are just trying to make
a buck, and there are very many of them operating outside the bounds of
the law, which makes enforcing laws over them extremely difficult. They
immigrate because companies will pay them. Crack down on the guys
writing the paychecks, and people won't show up trying to get paid.
This is by no means an indisputable or even well established principle,
but it makes sense to me. Based on that idea though, the "legitimate"
companies who employ spammers should be brought into check.
I have not forgotten about Blue Frog, either. I don't want to manage a
database of users, or contact ISPs to tell on people, or any of that.
With users themselves running the countermeasure software, there is no
centralized point of retaliation.
>
> Latency in any counter-measure makes reacting to individual events futile.
> As such, counter-measures must be broad and lasting. A fly's perceptions and
> reactions are much faster, making them difficult to swat. With their low
> persistence, by the time a swatter can even be raised, they have already
> taken light. Warnings only work accompanied with negative ramifications. A
> "No Solicitation" announcement can be made with rfc3865. IP addresses might
> be exploited, so a safe identity for which to apply long lasting
> ramifications would be the ASN at the very moment of the offense.
>
> This indicates which ASNs monitor their outbound traffic, checks SMTP error
> rates generated by outbound clients, disables port 25 for residential access
> points, and responds to complaints of abuse. Alas, industry attempts to
> punish or restrict individual users, where various providers continue to
> profit from revenues generated by abuse and abuse counter measures. Holding
> the ASN accountable is the _only_ practical means to affect the profit motive
> driving abuse. Many of the schemes that attempt to identify individuals
> actually enable devastating DDoS exploits.
>
> -Doug
Sorry Doug, while I can parse what you say I cannot understand your point.
samble at sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org