Feedback: Spam…Spam…Spam

Regarding DMCA vs. Spam by Bob Liu

While much hoopla is made about Virginia’s anti-spam law and statistics are bantered about regarding the inordinate amount of fraudulent spam, we should not
loose sight of the real problem in spam. That problem
is the unauthorized use of a person’s property.

Storage space provided by an Internet service provider
is rental property — similar to that of a storage
locker in a mini-warehouse. That space belongs to the
customer paying the storage fee, not businesses —
legitimate or fraudulent — that want to occupy that
storage space with their advertising.

Fifty legitimate businesses spamming at one email per day has the same
effect as one fraudulent spammer sending 50 emails per day. Opt-in — email marketing with permission — is the only ethical method of email marketing and that’s the legislation spam victims across America should be seeking, along with a private right of action so we can have a million-person army going after the spammers.

— Bruce Miller,, Seattle, Wash.

Just wanted to share a tidbit with you. In your article you noted that
you didn’t know why sendmail allows you to “change” the FROM: field. In
short, it doesn’t.

It is set once when the email session is set up but there is almost no way to verify it. If my mail program connects to your mail server and says (for the FROM: field) I’m [email protected], your email server cannot easily say that I am not since there is no
password verification — and due to the way email works currently, there cannot be.

Your article also, I feel, unfairly pointed the finger at sendmail. Sendmail is one flaw, sure. But the flaw isn’t sendmail — it’s the email specification. These same flaws exist in Postfix, Microsoft Exchange Server and every other MTA currently in existence.

To note another point, if you disable message-bouncing, how will your mom
know she misspelled your email address and you don’t know that she wants you at dinner at 6 instead of 7? 🙂

Otherwise, great article for getting the clueless masses a step further into the email discussion.

— Tom Allen, Systems Administrator

Hello Bob,

From someone who spends a good deal of her day reading spam related articles (I rep SpamSubtract from interMute), I just wanted to say how refreshing it was to read your article. It was good to see someone questioning what the legislature and the big three are saying and doing instead of just regurgitating what they put out.

I just wanted to say I enjoyed your article.

Thank you,

— Lisa Dilg, PerkettPR for interMute

Ah…you seem to have more of a head on your shoulders than most. Here’s a couple of comments I hope are useful.

…All that effort put into “securing” relays and proxies doesn’t stop the spam. I’d say it’s time for some good old contrarian thinking.

If going against the spammers is failing — and it is — then try going with them … see where that might lead. How would you do that? One way would be to figure out how the spammers look for open relays and open proxies to abuse and to give false results to the spammers. You can’t falsify the results of the open relays … so the only option is to falsify the results of secure servers. A true result is “we don’t relay” so a false result would have to be “we do relay.” Let’s see how that would go and see if it would work.

It’s pretty easy to find out how spammers find open relays. There’s only one way: look for them — same as anti-spammers used to do…same as some of those perhaps still do. The spammers attempt to send an email message to themselves through some list of IPs. Check the logs of about any email system and you’ll find rejected relay email messages. Chances are those were relay tests were sent by spammers. What we want to do is fool the spammers. We’d be doing the truthful thing if we rejected the message so the fooling will require that we accept the message. (Almost all “secure” email systems reject relay messages as soon as it is seen that the recipient isn’t local…if the source isn’t local.) The next step is to deliver the message. That’s it. That should deceive the spammer (for now, anyway.) He sees the message went through; he marks
that IP as being an open relay; he plans to soon send spam through it if he needs a new open relay. And why was he looking if he didn’t?

— Brad Spencer, anti-spam advocate

News Around the Web