On 7/6/25 2:05 PM, Barry Shein via NANOG wrote:
So all I'm saying is we have to start thinking more about disrupting
spammers' economics and less about designing sharper razor wire
fences.
Really? Why? I rarely get spam (UCE) these days through my Google linked
accounts, and haven't for years. I assume most of the major mailbox
providers need to keep up with Google, so their customers probably
aren't getting a lot of spam either. For the mailbox providers, it's
just a cost of doing business, and reducing Google's cost of doing
business isn't very high up on my list of concerns.
I suspect that the same is true of enterprise mailboxes as well since if
the anti-spam vendors couldn't keep up, it would give more incentive to
outsource their mail to somebody who could. And again, reducing their
cost of doing business isn't very high up on my list of concerns.
So who exactly is having this spam problem these days? I suppose if
you're running sendmail and spamassassin it might be bad (I personally
gave up on that) but that's in the long tail of people being ornery
rugged email individualists. Again, not something very high up on my
list of concerns.
Is there some other large set of mailboxes that I'm missing here?
Ideally mailboxes that I would care about their economics?
That is distinctly different than phishing and its social engineering
aspect. Doubly so with spear-phishing which by its nature, the content
is likely to look like legitimate email. Phishing can be catastrophic
and will always be a concern. This is where the meta information of
authn, etc, become more important in the fight to combat it, but that's
different than UCE.
Mike
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/EAHHNWMCOBBEHZEHKTHSJTUY7PHNOECB/
