Appearances are deceptive in the (anti-)spam world

February 19, 2009

Courtesy of Slashdot, we learn that Verizon is moving to authenticated email submission so that, to quote the Verizon spokesman:

[...] Verizon will be able to quickly identify spammers, including those using so-called zombie systems, and shut them down.

Sounds great, right? Not really. The problem is that this change shouldn't be giving Verizon anything that they don't already have.

Verizon already has a perfectly good way of quickly identifying their spamming customers, namely the spamming machine's IP address. It's right there in headers, logs, and so on. (If Verizon did not have the ability to map IP addresses back to customers, we would long since have heard of it from the RIAA and the MPAA.)

The most charitable interpretation of Verizon's statement is that Verizon has not been able to give the abuse-handling team access to the tools needed to map spamming IP addresses to customers and then to do something about it, either because they didn't care enough about the problem or because of severe organizational dysfunction. Authenticated email submission will fix this internal issue by giving the abuse people direct access to the information.

The least charitable interpretation is that Verizon is doing what gets called 'blowing smoke'. And why not? After all, it got them reasonably favorable press as 'doing something about spam'. As such, it's a nice prophylactic measure.

(Especially as it will probably also get Verizon a temporary drop in their spam volume, as spammers have to customize their zombie code some more and make it do a little bit more work.)

Written on 19 February 2009.
« My theory on why people wind up using common passwords
An attraction of planet-style blog aggregators as your feed reader »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Thu Feb 19 00:43:26 2009
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.