Bruce Richardson said:
> On Sat, Apr 10, 2004 at 11:43:23PM -0700, Rick Castello wrote:
>> How does C/R shift my spam problem (remember, thousands of spam
>> messages a day) into someone else's mailbox (other than MAYBE the
>> spammers themselves, who frankly, I don't give a damn about)?
>>
> Quite simply: much spam now forges genuine e-mail addresses and most
> spam forges genuine domain names. This means that every challenge that
> you send out is wasting somebody else's time and adding to the load they
> already see from spam, viruses and collateral spam
> (http://www.cam.ac.uk/cs/email/collateral.html).
I would agree with you that *some* spam now forges genuine email
addresses. I'd agree that nearly *all* spam now forges genuine
domain names. However, in a highly unscientific survey (on my own
email box), I'd estimate that only about one percent of the spam
I see is from a real email address.
Most of it is from randomly generated throwaway accounts using
domains like hotmail, aol, yahoo, ebay, or paypal. Random email
accounts don't get their time wasted or get collateral spam,
simply because they don't exist. The challenge messages bounce,
and end up going nowhere, not filling someone poor innocent
victim's email box, as you insinuate.
Unscientific as my estimate is, think about it... it's faster and
easier for a spammer to just use fake strings of letters and
numbers as their sending addresses, or better yet, and becoming
more frequent still, using something logical sounding, like a
"[EMAIL PROTECTED]" which someone who's looking out for spam
might still mistake for a real person.
> There are plenty of good anti-spam tools that don't have any adverse
> affect on other people. Use them, not this lazy-ass, inconsiderate
> tool.
Show me a tool that has the same success rate as C/R and I'll
use it. Right now, I use a mix of SpamAssassin and TMDA, and
I get ZERO false positives. SA throws out the obvious spam first,
reducing the impact of the C/R, then TMDA handles the questionable
leftovers.
Any *new* person I give my email address to, I explain about the
C/R and they're just fine with it, and usually ask how they can
get something similar for themselves. Any person sending me
unsolicited email, even if they're a real person, shouldn't be
bent out of shape to respond to *one* "real person" check message,
and so far, they aren't.
If the person being spoofed isn't using C/R themselves, then to
them, my challenge message is likely *one* more piece of spam
that they deal with. Unfortunate, yes, but as I said, this is
the extreme minority of cases. Most upon most are just fake
alphabet email addresses.
Maybe the solution is for *everyone* to use C/R, rather than
no one. It's certainly better than the .mail initiative that's
floating around now.
-Rick
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
--
squirrelmail-users mailing list
List Address: [EMAIL PROTECTED]
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
