Barry Shein
2014-01-06 03:26:01 UTC
Ok, if we do these tit-for-tats nothing will be accomplished.
It's too easy to take some overly literal interpretation of someone
else's words and spin a rebuttal. And paragraphs of anecdotes from
one's own mailbox really isn't useful either, maybe you're just lucky?
That said:
What's a current taxonomy of what we're trying to deal with?
If I may be so bold, what can we agree on, where should effort be
expended:
1. High volume "bulk" mailers with no discernible business
relationship with intended recipients whose intentions may or may
not be per se malicious.
e.g., Hawking herbal viagra -- if that's really what you get it's
not necessarily malicious. Doing it to a billion mailboxes per day
unsolicited is a problem. Hawking what appears to be a product
which is in high rotation on late night TV (e.g., those expandable
hoses) when all you want is a credit card number to abuse is
malicious and a problem.
2. Phishers -- those who specifically create deceptive email intended
to lure recipients into a position of trust soas to defraud them.
3. Direct fraudulent or trust appeals such as 419 ("Nigerian Scam".)
Also falsely appearing to be a legitimate charity and similar (or
is that a separate category?)
4. High volume unsolicited or questionably solicited (according to
CAN-SPAM or other similar standards) email even if from a
verifiably legitimate source (green card type spam.) Let's call
this spam by unscrupulousness.
5. What about email dictionary attacks and similar?
e.g., I'll see connections for ***@theworld.com,
***@theworld.com etc, hundreds per minute, or just what looks
like pick-a-random-mailbox or next in a large list and attach
@theworld.com, again hundreds per minute.
6. What appears to be purely malicious or hard to discern very high
volume email.
e.g., empty or indecipherable or trite ("hello!") bodies and/or
subjects.
What am I missing? Assuming one needs to start somewhere where would
we start?
There's also a broader category implied by the above:
A. Spam which hits end-users' mailboxes.
B. Spam which is blocked but represents bandwidth and storage problems
to service providers and the net in general.
Those last two, A & B, are in my experience on lists like this very
important because they tend to separate people on these lists.
Those not particularly concerned with (B) tend to only want to focus
on (A), if it doesn't hit my box it's not important.
Those concerned with (B) tend to be interested in both as they tend to
be service providers.
Wikipedia has an article on "Email spam" which lists some of these but
tends to be more descriptive (e.g., talks about legality and countries
of origin.)
http://en.wikipedia.org/wiki/Email_spam
It's too easy to take some overly literal interpretation of someone
else's words and spin a rebuttal. And paragraphs of anecdotes from
one's own mailbox really isn't useful either, maybe you're just lucky?
That said:
What's a current taxonomy of what we're trying to deal with?
If I may be so bold, what can we agree on, where should effort be
expended:
1. High volume "bulk" mailers with no discernible business
relationship with intended recipients whose intentions may or may
not be per se malicious.
e.g., Hawking herbal viagra -- if that's really what you get it's
not necessarily malicious. Doing it to a billion mailboxes per day
unsolicited is a problem. Hawking what appears to be a product
which is in high rotation on late night TV (e.g., those expandable
hoses) when all you want is a credit card number to abuse is
malicious and a problem.
2. Phishers -- those who specifically create deceptive email intended
to lure recipients into a position of trust soas to defraud them.
3. Direct fraudulent or trust appeals such as 419 ("Nigerian Scam".)
Also falsely appearing to be a legitimate charity and similar (or
is that a separate category?)
4. High volume unsolicited or questionably solicited (according to
CAN-SPAM or other similar standards) email even if from a
verifiably legitimate source (green card type spam.) Let's call
this spam by unscrupulousness.
5. What about email dictionary attacks and similar?
e.g., I'll see connections for ***@theworld.com,
***@theworld.com etc, hundreds per minute, or just what looks
like pick-a-random-mailbox or next in a large list and attach
@theworld.com, again hundreds per minute.
6. What appears to be purely malicious or hard to discern very high
volume email.
e.g., empty or indecipherable or trite ("hello!") bodies and/or
subjects.
What am I missing? Assuming one needs to start somewhere where would
we start?
There's also a broader category implied by the above:
A. Spam which hits end-users' mailboxes.
B. Spam which is blocked but represents bandwidth and storage problems
to service providers and the net in general.
Those last two, A & B, are in my experience on lists like this very
important because they tend to separate people on these lists.
Those not particularly concerned with (B) tend to only want to focus
on (A), if it doesn't hit my box it's not important.
Those concerned with (B) tend to be interested in both as they tend to
be service providers.
Wikipedia has an article on "Email spam" which lists some of these but
tends to be more descriptive (e.g., talks about legality and countries
of origin.)
http://en.wikipedia.org/wiki/Email_spam
--
-Barry Shein
The World | ***@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada
Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
-
This is the asrg mailing list. To change your subscription settings, see
http://lists.services.net/cgi-bin/mj_wwwusr/domain=lists.gurus.org
-Barry Shein
The World | ***@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada
Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
-
This is the asrg mailing list. To change your subscription settings, see
http://lists.services.net/cgi-bin/mj_wwwusr/domain=lists.gurus.org