[PLUG] what is the point of PGP-signed emails?

Jason Van Cleve jason at vancleve.com
Tue Dec 9 21:18:02 UTC 2003


Quoth Zot O'Connor, on Tue, 09 Dec 2003 16:41:22 -0800:

> Does it matter how long?  As long as the time period is less than the
> point in time when 100% of the mail is read by victims, then it works.

Er, if a spammer can pump out 100,000 ads in an hour, but it takes days
to identify it, then "it works" doesn't mean much overall.

> If you want, you can hold all unknown mail for a period of time (2
> hours as a guess) until the peak time (when the spammer key is most
> likely identified and has been reported to the razor-PGP servers).

Two hours for a process which may take two days?  Sounds like a lot of
inconvenience just to break off a little corner of spam traffic, doesn't
it?

> > Why would that make it harder?  Keys can be generated easily enough,
> > and spamming from multiple servers (as is often done using RATs)
> > would make it even easier.
> 
> Oh come on.  By definition it is harder than what a spammer can
> currently do.  

Which hardly means it will slow down spam appreciably.

> 1)  It forces them to send 1 mail per user.  This greatly increases
> overhead *per* mail.  Most spammers still bulk send their mail.

> 2)  It makes them calculate keys per mail, and sigs per mail. Even
> milliseconds add up when we are talking millions of mails.

Why is that?  I thought only the body of the message is signed.

> 3)  It may even make them have to keep those keys around.  If the
> return contact is not via web/phone, they have a logistics issue.

Not sure what this means, sorry.  They'll be creating arbitrary keys
just to get through filters.  The contact method won't change.

> 4)  All of these processes leave huge forensics trails.

How?  A single virus can be written to gen' keys and send spam from a
compromised host.

> One of the main ways to attack spammers is to penny them to death.  The

Great theory, like charging everyone a fraction of a penny for each
email sent.  Thing is, spam is sent anonymously from hijacked servers. 
(RATs are generating a third of it, for example.)  So spammers won't
really feel it.

--Jason Van Cleve

--
Quidquid latine dictum sit, altum videtur.



