[Sks-devel] Dump

[R P Herrold]

On Wed, 13 Oct 2010, John Clizbe wrote:

> Do you REALLY think spammers pull addresses one-by-one?

> > I think you are running around solving a problem that does not exist, and
> > impariing the privacy of a whole community's members

> Please explain how making available publicly available information is impairing
> privacy. That argument sounds a tad too much like "Security by Obscurity" and
> the abysmal success of that approach is widely known.

I'll unsubscribe from this list at the end of the day.  I dont 
need the sarcasm from the last couple of posts.  I did not 
just roll off of the turnip truck as to spam -- I was  active 
from the start with the DSBL (and before that the predecessor 
ORBZ [domain has expired - link removed]) anti-Open Relay, 
anti-spam identification tool.  'A credentials war is 
rarely useful on the Usenet'

At DSBL we did distributed one-off 'host at an IP' testing of 
potentially spam producing, organically assembling a 'vetted' 
list of IPs that were demonstrably mis-configured; the 
counter approach is a 'wholesale' listing of blocks of IPs 
based on generalizing rules (is the name not se tin a PTR, is 
the name one that looks like: a dialup, a residential, a block 
from a disfavored country

The issue is one off vs. wholesale, and the initial inquiry 
from the .edu poster demonstrates that it is not generally 
known how to get all 2.9 million without effort beyond that of 
a casual attacker

Facilitating anonymous wholesale transfers increases the size 
of the population able to readily have a corpus to spam at, 
with a set of assumedly valid email addresses and matching ID 
information

Please explain how adding to that pool of bad actors by 
providing ready access to a frequently updated corpus is a 
win -- If I were a black-hat, I'd be building a new product 
already to leverage those wholesale updates

-- Russ herrold