Mike Masnick's My Short Life As An Unintentional Spammer is apropos again since, yes, I got another bounce message today. (I also got two Klez bounces with my actual address in the actual Return-path header, which (sometimes?) isn't faked like the From is, which have me worried.) Luckily my address is apparently pretty innocuous, since even last time when I got several a day, it was nowhere near Mike's 500.
This is another reason I'm curious about spamming software. What possibly makes it that much easier to fake someone else's address instead of making up an invalid one? What reason is there to make the intentional design decision to piss on bystanders, other than perpetuating the standard spammer MO of shitting where they eat? I still don't quite believe spam is a conspiracy to DoS the Internet, but it may as well be.
On reflection, I can't help but think it's entirely possible the wealth of spam we enjoy is the new script kiddie hobby, as Barry Shein believes. (Doesn't look like I blogged the link. There's also a Usenet thread by someone else I didn't blog. Tsk on me.) Anyway, that would mean the usual solutions Mike suggests--while admitting every solution is a trade for other problems--are ineffective and totally off-base, not addressing the real problem.
Not that I know what would.
Comments
comment
Part of the design reason is that many mailer daemons (versions of sendmail newer than about two years come to mind) actually do a look-up of the domain on the “from” e-mail address. If the domain is invalid, the e-mail “from” is thus tagged fake, and rejected (IP addresses without domains are also rejected). This check is of course easily fooled by submitting a real domain name, so, further, many mailer daemons also do more sophisticated checks on the username and such and reject names that are too long, contain weird characters, etc. etc. Thus, it becomes easier to fake a valid e-mail address because it’s unlikely to be caught by the mailer daemon itself.
My sendmail rejects a half-dozen spam attempts a day from bad domain checks, a few now and then from obviously faked usernames, and then rejects the rest because I’ve properly got my sendmail set up to disallow relaying (which newer versions have turned off by default instead of on, yay!).
Nonetheless, it’s still a pretty shitty practice on the part of the spammers, almost akin to identity theft. Not the least of which is because it can get the e-mail address they’re faking put on a black list (I believe the official, ‘net-wide list is called Black Hole), and then suddenly you - the real owner of that address - cannot send mail to places that subscribe to that list. I’ve had this happen.
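The checks Puck describes, as an added example (not the commenter's code, nor sendmail's): a sender-address filter that rejects unresolvable domains, bare IP literals and odd local parts, with a constructed in-memory table standing in for the DNS lookup so it runs offline. The last address in the demo shows why forging a real address works: it passes every one of these checks.

```python
import re
from typing import Callable, Dict

# Constructed stand-in for DNS: domain -> whether it has MX/A records.
# A real MTA queries DNS here; the stub keeps this example offline.
FAKE_DNS: Dict[str, bool] = {
    "example.com": True,
    "example.org": True,
    "nosuchdomain.invalid": False,
}

LOCAL_PART_OK = re.compile(r"^[A-Za-z0-9._%+-]{1,64}$")
DOMAIN_OK = re.compile(r"^(?:[A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}$")
IP_LITERAL = re.compile(r"^\[?\d{1,3}(?:\.\d{1,3}){3}\]?$")


def check_sender(address: str,
                 resolves: Callable[[str], bool] = FAKE_DNS.get) -> str:
    """Return 'accept' or a rejection reason for a From/envelope address.

    Order mirrors what an MTA can cheaply do before talking to DNS:
    syntax first, then the domain lookup.
    """
    if address.count("@") != 1:
        return "reject: malformed address"
    local, domain = address.split("@")
    if IP_LITERAL.match(domain):
        return "reject: IP literal instead of domain"
    if not DOMAIN_OK.match(domain):
        return "reject: bad domain syntax"
    if not LOCAL_PART_OK.match(local):
        return "reject: suspicious local part"
    if not resolves(domain.lower()):
        return "reject: domain does not resolve"
    # Nothing here can tell a forged real address from genuine use.
    return "accept"


if __name__ == "__main__":
    samples = [
        "spam@nosuchdomain.invalid",
        "x@[192.0.2.1]",
        "a" * 65 + "@example.com",
        "innocent.bystander@example.com",  # forged but real: accepted
    ]
    for addr in samples:
        print(f"{addr[:40]:40} -> {check_sender(addr)}")
```

The accepted last line is the comment's whole point: once the forged address belongs to a real domain and looks like a normal username, the receiving MTA's own checks have nothing left to reject, and the blame lands on the address owner.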
comment
It’s pretty much as Puck says.
Really though… the whole deal involves the spammer wanting to guarantee that a spam address can’t be detected as a fake. What better way to guarantee that than to use actual addresses?