[78833] in North American Network Operators' Group
Re: IBM to offer service to bounce unwanted e-mail back to the
daemon@ATHENA.MIT.EDU (Anne P. Mitchell, Esq.)
Wed Mar 23 15:54:53 2005
In-Reply-To: <20050323203748.2EE11912D9@trapdoor.merit.edu>
From: "Anne P. Mitchell, Esq." <amitchell@isipp.com>
Date: Wed, 23 Mar 2005 12:54:10 -0800
To: nanog@trapdoor.merit.edu
Errors-To: owner-nanog@merit.edu
On Mar 23, 2005, at 12:37 PM, RSK wrote:
> On Tue, Mar 22, 2005 at 10:24:37AM -0800, Andreas Ott wrote:
>> http://money.cnn.com/2005/03/22/technology/ibm_spam/
>
> If this write-up is accurate,
It's not. =46rom the http://www.aunty-spam.com website:
IBM Not Spamming Spammers! FairUCE is About Fair Use, Not Abuse!
Did you hear? IBM is spamming spammers! It=92s all over the Internet, =
and =20
tongues are a=92wagging! Except, it ain=92t so. IBM is not spamming =20
spammers.
Whether you think that spamming spammers is right or wrong, IBM ain=92t =
=20
doing it, and shame on CNN for getting it so wrong, and making IBM look =20=
so irresponsible, and in league with the likes of Lycos=92 =93Make Love =
Not =20
Spam=94 DOSsing Screensaver program, and the notorious Mugu Maurauder =20=
bandwidth sucking program.
You can=92t really blame the folks who read CNN=92s horribly wrong piece =
=20
for spreading the rumour, after all it was quite sensationalist:
=93Spamming spammers?
IBM to offer service to bounce unwanted e-mail back to the computers =20
that sent them.
March 22, 2005: 12:22 PM EST
NEW YORK (CNN/Money) - IBM unveiled a service Tuesday that sends =20
unwanted e-mails back to the spammers who sent them.
The new IBM (Research) service, known as FairUCE, essentially uses a =20
giant database to identify computers that are sending spam. E-mails =20
coming from a computer on the spam database are sent directly back to =20=
the computer, not just the e-mail account, that sent them.=94
Wrong, wrong, wrong.
About the only thing which the article got right is that the program is =20=
called =93FairUCE". FairUCE, according to IBM=92s own FairUCE website, =20=
readily available for anyone to read (cough=85CNN reporters..cough), is =
a =20
=93spam filter that stops spam by verifying sender identity instead of =20=
filtering content".
Let=92s say that again: FairUCE is a spam filter that stops spam by =20
verifying sender identity instead of filtering content.
If FairUCE can=92t verify sender identity, then it goes into =20
challenge-response mode, sending a challenge email to the sender, to =20
which the sender must reply, to demonstrate that it is not a spambot =20
sending the mail in question, but a real live person.
Here is IBM=92s explanation of how the FairUCE system works:
=93Technically, FairUCE tries to find a relationship between the =
envelope =20
sender=92s domain and the IP address of the client delivering the mail, =20=
using a series of cached DNS look-ups. For the vast majority of =20
legitimate mail, from AOL to mailing lists to vanity domains, this is a =20=
snap. If such a relationship cannot be found, FairUCE attempts to find =20=
one by sending a user-customizable challenge/response. This alone =20
catches 80% of UCE and very rarely challenges legitimate mail.=94
Now, being kind, it=92s possible that the good folks at CNN mistook =
the =20
sending of the challenge for =93spamming the spammer"....
(Rest at =20
http://www.aunty-spam.com/ibm-not-spamming-spammers-fairuce-is-about-=20
fair-use-not-abuse/)
Anne
