Appearances are deceptive in the (anti-)spam world

February 19, 2009

Courtesy of Slashdot, we learn that Verizon is moving to authenticated email submission so that, to quote the Verizon spokesman:

[...] Verizon will be able to quickly identify spammers, including those using so-called zombie systems, and shut them down.

Sounds great, right? Not really. The problem is that this change shouldn't be giving Verizon anything that they don't already have.

Verizon already has a perfectly good way of quickly identifying their spamming customers, namely the spamming machine's IP address. It's right there in headers, logs, and so on. (If Verizon did not have the ability to map IP addresses back to customers, we would long since have heard of it from the RIAA and the MPAA.)

The most charitable interpretation of Verizon's statement is that Verizon has not been able to give the abuse-handling team access to the tools needed to map spamming IP addresses to customers and then to do something about it, either because they didn't care enough about the problem or because of severe organizational dysfunction. Authenticated email submission will fix this internal issue by giving the abuse people direct access to the information.

The least charitable interpretation is that Verizon is doing what gets called 'blowing smoke'. And why not? After all, it got them reasonably favorable press as 'doing something about spam'. As such, it's a nice prophylactic measure.

(Especially as it will probably also get Verizon a temporary drop in their spam volume, as spammers have to customize their zombie code some more and make it do a little bit more work.)
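The IP-to-customer mapping that this post argues Verizon already has, as an added example (not code from the original post or from Verizon): take the client IP and timestamp from the `Received` line stamped by the ISP's own relay and look them up in lease records. The relay hostname, the lease-table layout, and the account IDs are all constructed assumptions; the timestamp matters because a dynamic IP can belong to different customers on the same day.

```python
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: a message as stamped by the ISP's own outbound relay.
# Hostnames, addresses and account ids are made up for illustration.
SAMPLE_MESSAGE = """\
Received: from dsl-pool-17.isp.example.net (dsl-pool-17.isp.example.net [198.51.100.23])
\tby relay1.isp.example.net (Postfix) with ESMTP id 4A1B2C3D
\tfor <victim@example.org>; Thu, 19 Feb 2009 01:12:45 -0500
From: someone@example.com
Subject: constructed spam sample

body
"""

# Constructed lease records: (ip, lease start, lease end, customer account).
LEASES = [
    ("198.51.100.23", "2009-02-18T20:00:00+00:00", "2009-02-19T04:00:00+00:00", "ACCT-1001"),
    ("198.51.100.23", "2009-02-19T04:00:00+00:00", "2009-02-19T12:00:00+00:00", "ACCT-2002"),
    ("198.51.100.99", "2009-02-19T00:00:00+00:00", "2009-02-19T12:00:00+00:00", "ACCT-3003"),
]

# Matches "[client-ip]) by relay-name" inside a Received header value.
RECEIVED_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]\)\s+by\s+(\S+)")

def submitting_client(raw, our_relays):
    """Return (client_ip, utc_time) from the first Received line added by one of
    our own relays; lines added by anyone else can be forged and are skipped."""
    for hdr in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(hdr)
        if m and m.group(2) in our_relays:
            when = parsedate_to_datetime(hdr.rsplit(";", 1)[1].strip())
            return m.group(1), when.astimezone(timezone.utc)
    return None

def account_for(ip, when, leases=LEASES):
    """Find the account that held `ip` at time `when` (lease end is exclusive)."""
    for lease_ip, start, end, account in leases:
        if lease_ip == ip and datetime.fromisoformat(start) <= when < datetime.fromisoformat(end):
            return account
    return None

def identify_sender(raw, our_relays=frozenset({"relay1.isp.example.net"})):
    client = submitting_client(raw, our_relays)
    return account_for(*client) if client else None
```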


Comments on this page:

From 75.14.5.57 at 2009-02-19 02:21:07:

The way SBC does it (for residential customers, at least) is to require outbound email to be relayed through them. I assumed the purpose was to have authoritative logs of email leaving their network, to identify and block spammers on SBC. Have I misunderstood the purpose of this policy? It seems like it would be simpler to implement and just as effective, if SBC's abuse team can map IP addresses to customer accounts.

Steve

By cks at 2009-02-19 11:54:51:

You have it right; forcing outgoing email through your own servers is a basic first step that everyone has to take, for exactly the reasons that you mentioned. In a well-run organization, how exactly you accept such email from your customers should make no difference in how well you deal with spam.

(I suppose there may be small advantages in forcing authenticated SMTP submission, since it cuts off anyone exploiting open wireless access points, open proxies, and the like. But my belief is that most current spam is from compromised zombies.)

Written on 19 February 2009.
Last modified: Thu Feb 19 00:43:26 2009