[Asrg] Solving spam == Solving zombies/botnets

[Steve Atkins]

On Dec 3, 2008, at 1:30 PM, Barry Shein wrote:

>
> On December 3, 2008 at 15:42 jdfalk at returnpath.net (J.D. Falk) wrote:
>> On 02/12/2008 10:55, "Walter Dnes" <waltdnes at waltdnes.org> wrote:
>>>  What it boils down to is that to majorly reduce spam, we have to
>>> majorly reduce botnets/zombies.
>>
>> Hooray!  Let it be shouted throughout the land: on 12th December  
>> 2008, the
>> ASRG caught up to the anti-spam conversation circa 2006.
>
> It's sort of one of those necessary vs sufficient arguments.
>
> If, for example, you could identify and reject all unwanted mail the
> botnets (for email spam anyhow) would cease to exist on their own,
> there'd be no economic reason for them to continue operating.
>
> OTOH, it is true that the only reason spammers can operate as they do
> is via botnets. Period.

That's an interesting perspective. One that's wrong, though. An awful
lot of quite profitable spam never goes anywhere near anything remotely
resembling a botnet.

In fact, given how poorly mail sent directly from botnets is delivered  
I'd
suspect that a typical user at a competent ISP wouldn't see that much
of it, compared to spam from other sources.

The operational problem of the deluge of traffic from them is there,
but it's not the entirety (or even a large fraction of, by any measure
other than traffic) of the problem for a recipient.

>
>
> That's the only way they can get access to the resources necessary to
> do what they do, and the only way they can get access to ip mobility
> which is absolutely necessary to their crime; without ip mobility we'd
> just block them and be done with it.

Mail sent from "mobile" IPs doesn't get delivered particularly well,  
which
is why the effective spam is sent from elsewhere.

"Botnets" are the "direct-to-mx" of 2008. Interesting, and a cause of
quite a lot of traffic, but not the be-all and end-all of spam delivery.

Cheers,
   Steve