nanog mailing list archives

Re: SPF/DKIM/DMARC et.al.: REALLY LONG [was: is it just me or...]


From: Barry Shein via NANOG <nanog () lists nanog org>
Date: Sun, 6 Jul 2025 17:05:53 -0400


On July 6, 2025 at 10:18 nanog () lists nanog org (John R. Levine via NANOG) wrote:
> On Sat, 5 Jul 2025, bzs () theworld com wrote:
>> It's a fine paper but it has one problem which is it sets up a
>> strawman: It proposes a particular architecture for e-postage (ok,
>> granted, more than one, but similar) and proceeds to knock it down.

>> 1. Professional spammers send O(1B) msgs per day per each.

> In the aggregate, sure, but there are plenty of spammers who send a lot
> less than that.

No doubt it's a "long tail" but this source estimates about 160B email
spam msgs per day (2023):

  https://www.emailtooltester.com/en/blog/spam-statistics/

The reason we all get the same spam messages to the point that one can
satirize one and get laughs from a crowd seems to indicate something
closer to the O(1B)/each, that is, not that many sources.

"Long tail" reasoning would say that of that 160B/day probably less
than 100 spam operations account for 100B or more which gets one
pretty close to O(1B)/day.

Admittedly totally back of the envelope but I doubt they're spread
evenly among sources.

> The B2B spam I get from throwaway accounts at large mail
> providers is probably only 1000 or less at a time since that's all you can
> send that way.  I do not think there is one master criminal with a million
> throwaway Gmail accounts.

You've moved from spam to ham, no?


>> 3. We only need to increase the costs to the sort of people who send
>> O(1B) messages per day to introduce some sanity into the system.

> Beyond the fact that the underlying assumption is wrong, that's extremely
> unlikely to work unless you envision a world where you have to show ID and
> get a license to send mail.  It is certainly true that a large flow of
> mail from an unfamiliar place is suspicious, so spammers have lots of ways
> of making their stuff look like lots of little flows.  It even has a name,
> snowshoe spamming.

I think you just set up another strawman and knocked it down.

Do you have to show ID to drop a stamped envelope in a postal box?

No, only to operate a postage meter and even in that case they aren't
a high security operation. You just can get in a lot of trouble for
defrauding them, even for using one w/o paying your bill.

So most businesses operate their postal meters honestly because the
downside of not doing so isn't worthwhile.

But anyone can buy a book of stamps, even a few thousand, and use them
w/o any ID.


> At this point I get a whole lot of mail from Salesforce and Sendgrid.  I
> would love to block them but unfortunately they also send a lot of mail my
> users want, so I have to do hacks that try to recognize the customer and
> let through the less bad ones.  It is painfully clear that they have made
> business decisions not to spend enough money on abuse management to clean
> this up.  The mail gets through, why should they?

Again this is what is generally called "ham" unless you want
to apply it to anything you're not personally interested in.

I tend towards that definition since they're not paying for it.

But not the main event here and I believe I already made that point:
That the tide of "ham" is rising because why not, it's just about free
in a world where any other form of advertising or marcom costs big
bucks.

One of the approaches post-9/11 to undoing the worst terrorist
networks was to disrupt their economics.

Some of it was almost comical: they were taking in millions per month
on grocery coupon fraud by bullying grocery store owners to submit
fraudulent coupon reimbursements.

Did it wipe out terrorism? No, not really, but it probably hurt and
was more creative than adding new cryptography requirements to
coupons.

So all I'm saying is we have to start thinking more about disrupting
spammers' economics and less about designing sharper razor wire
fences.

-- 
        -Barry Shein

Software Tool & Die    | bzs () TheWorld com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/Q643VWEHSR6WRI2COCV7XBXG33QY6FS6/

