Re: Spammers LUV SpamAssassin

From: Peter Jones (
Date: 09/02/03

Date: 02 Sep 2003 09:19:15 GMT

Alan Connor <> wrote in

> That's just stupid. Spammmer cannot operate on individual cases.

Not yet, perhaps, because there are still plenty of easy targets out
there, so that targeting individuals is just not cost-effective. Do you
really think that if the entire world adopts C/R systems, the spammers
will sit idly by, going hungry? No, they will just adjust their tools to
suit the current environment and start targeting individual To:/From:

> Except that the only thing that goes out is an RAV, not a copy of the
> spam.

But if you, address A, have address B on your whitelist because address B
belongs to your mother or your best friend or your boss, then won't mail
coming from address B end up in your email system? And if the spammers
forge mail from address B, won't that also appear in your email system?

>> Again, my concern is for the innocent third party, who had their e-mail
>> address used by a spammer, and who has never heard of address
>> verification software.
> Yes. And my concern is that I don't get any spam.

You will, Alan, you will...

I think the point is patently clear that Alan does not care about the
negative consequences of what he is doing, so long as he does not see any
of it -- and since his favourite method of dealing with any form of
negative feedback is to blacklist and/or killfile the person it is from,
he won't see much of it at all.

>> Of course, that's a security problem for the address book/e-mail client
>> authors to deal with, not a problem with elrav and the like. However,
>> I don't think elrav (or *any* other means) will ever stop spammers from
>> sending spam. For how many years have we been trying to deal with
>> postal junk mail, telemarketers, and the likes? A lot longer than
>> e-mail spam, I'd say, yet those are still common.
> Well, you are simply wrong.

Well, it seems easy enough these days to beat postal junk mail by simply
putting a "No Junk Mail" sticker on your postbox -- at least in this
country. That works because the junk mail must have some form of
identification/contact details, or it is worthless as advertising, and
most organisations now recognise that alienating potential customers (by
placing their junk in your mailbox against your express wishes) is a bad
business move.

Perhaps that is the answer to the spam issue too. Remove the aspect of
anonymity. Most spam messages (viruses aside) are selling *something*;
perhaps if everybody who received one contacted the actual business behind
the advertisement and politely but firmly expressed their displeasure at
receiving the spam (and our firm intention to never purchase any object
advertised through unsolicited email), they would start to get the

Or perhaps I'm just a poor naive fool... :-)

> There is no way to beat that system. They cannot POSSIBLY afford the
> staff that would be necessary to get even ONE spam through to a sizable
> mailing list.

Sure there is. Who needs staff? All you need is a valid email address
(and personally I can never understand why people advertising a product
make it so difficult for you to actually contact them! How do they
actually expect to sell anything?) and a reasonably intelligent script
which can recognise a wide range of incoming RAVs and respond to them
appropriately, thereby getting their message into the system (and secure
in the knowledge that they have a valid email address at the other end.)

And if the RAV actually has something as blatant as an X-RAV header
identifying itself, it just makes their script's job that much easier...