[conspire] Mailing list servers and the spam problem
Josef Grosch
jgrosch at gmail.com
Wed Feb 25 14:51:08 PST 2015
On 2/25/15 2:07 PM, Rick Moen wrote:
> Quoting Scott DuBois (rhcom.linux at gmail.com):
>
>> A good example of why I send _signed_ mail and suggest others do as
>> well.
> Sending signed e-mail seems at first useful to ensure that other people
> won't believe forgeries are from you. You think 'Ah, other people will
> _know_ it's not from me because it doesn't verify as having my GPG
> signature.'
>
> This _could_ work if (1) people have a chain of signatures permitting
> them to trust that the key is yours, and (2) they are bothering to check
> keys at all.
>
> And that's almost nobody, at present.
>
> General-case spam sent out from a compromised webmail account is not
> relying on recipients _believing_ that the sender is real. The spammer
> is merely trying to reach more people and take advantage of
> whitelisting.
>
> For the second case of 'send money to me because I'm a stranded
> traveler' fraud mail, the spammer _is_ hoping some recipients believe
> the impersonation, _but_ as with similar 419 advance-fee frauds, they're
> consciously aiming at unusually credulous people. Indeed, they're
> tailored to be worded to have a particular, very peculiar narrative with
> the explicit intent of reaching a narrow, vulnerable subpopulation:
> http://news.yahoo.com/study--obvious-nigerian-scam-emails-appear-that-way-for-a-reason.html
> http://www.techrepublic.com/blog/it-security/the-truth-behind-those-nigerian-419-scammers/
>
> All the 'send money to me because I'm a stranded traveler' scammers need
> is to find a _single_ person in a compromised Yahoo Mail account owner's
> address book who falls for the story, and they can steal vast amounts of
> money. And the odds of their target population even noticing a missing
> gpg (let alone wrong) signature are exactly zero.
>
>
>
The 'send money to me because I'm a stranded traveler' is known as the
Spanish Prisoner. It's one of the oldest confidence schemes known,
dating back to the 16th century. A number of studies have shown that
the return on these schemes, that is the number of people who respond to
this, is minuscule; if I remember correctly it's hovering around 0.01%.
Considering the cost to send out tens of thousands of emails is
basically nothing and the fact that Nigeria and most of west Africa are
very poor countries, the couple of thousand they do manage to bilk
people out of is, for them, lucrative.

Until the underlying protocols of email are revamped to include strong
and automatic authentication and authorization we will never be rid of
these schmucks. If one thinks about this for more than a few seconds one
quickly comes to understand that the task of developing such a protocol,
getting the various groups that develop and support email to adopt this
new gee-whiz protocol and then getting the world converted over is the
proverbial kicking a dead whale down the beach.

Josef
--
Josef Grosch | Another day closer |
jgrosch at gmail.com | to Redwood Heaven | Berkeley, Ca.