nslookup from WinNT machine

[Kevin Darcy]

Brad Knowles wrote:

> At 6:43 PM -0400 5/30/01, Kevin Darcy wrote:
>
> >  Again, you're mischaracterizing my statements to be much more absolute
> >  and extreme than I originally expressed them. I'm sure PTR-verification
> >  prevents *some* spam. Today. But as the spammers get more sophisticated,
> >  it'll probably prevent less and less of it.
>
>         Where is your evidence for this claim?  My experience is that the
> amount of stuff being sent with one particular flaw or another never
> decreases, indeed it usually continues to increase, as others find
> other mechanisms to get around the protective measures you've
> implemented so far.

My evidence is mostly anecdotal, unfortunately. I get a fair amount of spam myself (largely this is a permanent
penance for being very active on Usenet in the early 90's, back in the Age of Spam Innocence). I examine the
headers quite frequently and over time, it seems that more and more Received: headers indicate successful
reverse-resolution. Which tells me that PTR-verification wouldn't have prevented the spam.

>         Imagine having a firehose pointed at your head, and you manage to
> do something to get the amount getting through to be reduced by 25%.
> Only, the firehose doesn't stop, and if you let your guard down,
> you'll get blasted again by that part you had previously managed to
> block.
>
>         Meanwhile, there are other people who are working to get the
> pressure increased on the part that is getting through.  At that
> point, if you were to drop your guard, you'd feel a much greater
> increase than just an additional 25%, since it would now be a larger
> portion of a higher-pressure water flow.

Well, if that were the case, why wouldn't I be seeing an *increase* in no-PTR spam, as the no-PTR spammers
gravitate away from PTR-verifiers and towards us? Or do you think that the phenomenon I'm seeing is just the
side-effect of others' PTR-verification efforts?

>         If you have any real-world experience to the contrary, I (and
> other anti-spam experts around the world) would love to hear it.

So would I. I don't consider myself a spam expert. Our Security department deals with that. I'm just responsible
for getting the mail in and out. (And I do some DNS work too :-)

> >              The only difference, I think, between my perspective and
> >  your (if I may characterize as ISP-oriented) perspective is that we
> >  (DaimlerChrysler) are perhaps further along that timeline than most
> >  because of our relative tolerance of spam versus false-rejection.
>
>         Even if you were right, by virtue of working for number sixteen
> on the Forbes Super 100, with more than $150 billion Y2000 revenues
> and $54 billion market value (according to
> <http://www.forbes.com/finance/lists/15/2000/super100.jhtml?passListId=15&passYear=2000&passListType=Company>),
> you'd be sitting up there in some pretty stratospheric territory, and
> I don't think that you'd be in a particularly good position to
> accurately determine what an appropriate perspective would be for the
> 99.999999999% of the rest of the world that doesn't have those kinds
> of issues to contend with.
>
>         Indeed, I think I could make a pretty strong case for your
> situation being so radically different from virtually everyone else
> in the world that you are permanently in a totally different
> category, and many of the kinds of things you do or deal with on an
> everyday basis simply aren't necessary or perhaps even appropriate on
> a smaller scale.

But I think I can extrapolate (interpolate?) somewhat. We may be an extreme case, but then large ISP's are perhaps
on the other end of that spectrum. I suspect most businesses fall somewhere in between, as far as their attitudes
and policies wrt spam and email service levels.


- Kevin