Appearances are deceptive in the (anti-)spam world
Courtesy of Slashdot, we learn that Verizon is moving to authenticated email submission so that, to quote the Verizon spokesman:
[...] Verizon will be able to quickly identify spammers, including those using so-called zombie systems, and shut them down.
Sounds great, right? Not really. The problem is that this change shouldn't be giving Verizon anything that they don't already have.
Verizon already has a perfectly good way of quickly identifying their spamming customers, namely the spamming machine's IP address. It's right there in headers, logs, and so on. (If Verizon did not have the ability to map IP addresses back to customers, we would long since have heard of it from the RIAA and the MPAA.)
The most charitable interpretation of Verizon's statement is that Verizon has not been able to give the abuse-handling team access to the tools needed to map spamming IP addresses to customers and then to do something about it, either because they didn't care enough about the problem or because of severe organizational dysfunction. Authenticated email submission will fix this internal issue by giving the abuse people direct access to the information.
The least charitable interpretation is that Verizon is doing what gets called 'blowing smoke'. And why not? After all, it got them reasonably favorable press as 'doing something about spam'. As such, it's a nice prophylactic measure.
(Especially as it will probably also get Verizon a temporary drop in their spam volume, as spammers have to customize their zombie code some more and make it do a little bit more work.)
Comments on this page:Written on 19 February 2009.