On Mon, 02 Dec 2002 14:33:16 PST, "Hallam-Baker, Phillip" said:

> If the spammer wants to perform custom operations for each
> constituency they want to spam.

No - you need a single custom cert/identity for each spamming run of several million. Unless you were *really* intending to cross-check the 3,000 spams they dropped on the IETF lists against the ones they sent to yahoo.com's mailers, and the ones to AOL, and the ones to MSN, etc etc..

The worst part is that they would then present the *same* credentials to the main IETF list and all the working groups. This ends up leveraging one of the strong points of digital signatures - if a signature is "well known" because it's seen widely, it gets taken more seriously.

And there's no really good way to tune this - I'm sure I post more to IETF lists than most spammers do, so you can't even say "if they post more than X/day they're spammers"....

> I don't think they do, they have to be able to spam millions
> of people at a time or the response rate is simply too low.
> Reported response rates are in the thousandths of a percent,
> so spamming the entire IETF gets less than a tenth of a customer.

But they got a tenth of a customer for *ONE* piece of outbound mail. Which is an extraordinary response rate.

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech