On Sun, Feb 23, 2003 at 05:45:08PM -0700, Bob Bish wrote:
> All I'm saying is that viruses are worse than spam. Spam is just
> advertising. It's inconvenient and invasive, but it's pretty harmless
> (possible exception: very graphic, very explicit porn spam like I
> sometimes get).

Interesting. I don't mind viruses at all: in part, that's because there
are no Windows systems here, not even any Intel processors, so that
insulates us from the impact of nearly all of them. (Nope, no Macs
either.) So from my personal perspective, they're just an annoyance.
But I recognize that for other folks, that's not the case: we all have
different sets of security concerns.

However, spam is another matter -- did you read my article earlier
in which I enumerated three incidents (out of a much larger incident
set I'm aware of) in which spam attacks cost me real money and time?
Are you aware of the numerous instances in which folks have had their
address/domain forged into spam headers and have thus been subject
to indirect denial-of-service attacks (e.g. millions of bounces)? Are
you aware that AOL tacks $3/user/month onto the bill just to cover the
cost of their anti-spam defenses? Have you seen what happens to even
a well-designed, well-provisioned mail server network when it's hit with
a spam attack from thousands of hijacked relay/proxies simultaneously? 

It's not "harmless"; it's anything but. If you doubt that for an instant,
I invite you to try out that argument in Spam-L -- where you will get
some very interesting responses from people running ISPs, corporate mail
networks, and so on. These aren't newbies -- these are people with a
lot of years of experience and a lot of clue. And even they are often
pushed to the limit. None of them *want* this: they'd be perfectly happy
if the problem would go away so they could do something productive
rather than spending time defending their networks. But there's not much
choice, any more, unfortunately.

[ BTW: since you mentioned porn spam: there has been a recent instance
where receipt of porn spam resulted in someone getting fired. (person
got the message, opened it, it opened windows onto a web site, wrong
person walked by at the right time, etc.) I believe it's been straightened
out and I think it's an isolated case, but it won't be for long. This
opens another legal can of worms: suppose you're an ISP and you happen
to know that Worldreach sends not just spam, not just porn spam, but
porn spam with content that's illegal in your jurisdiction? What do you
do? What don't you do? And will you be clobbered in either case? ]

And no, it's not "just advertising": spam is unsolicited bulk email:
whether it's advertising or a virus or porn or a charity pitch
or political canvassing or stock pump-n-dump or get-rich-quick or
buy-my-widget or anything else is irrelevant: as is so often said,
it's not about content, it's about consent.

Spammers *seem* to have learned not to do this any more because it
defeats their own purpose. However, there are a few out there who are
either using old spamware or who have misconfigured their copies and still
try this occasionally. The only viable defense -- since there's no way
a priori to know where the attack will come from -- is to monitor the
attempted connection rate to port 25 and stop accepting connections if
it exceeds a given threshold. That's of course got an entire set of
drawbacks of its own. There's also been some recent discussion about
the propensity of some spammers to hit backup MX's, an observation that
I can confirm from analysis of my own mail logs. It's unclear what the
purpose of this is, unless it's based on the supposition that backups will
not be as protected as primaries -- or that perhaps hitting all the
backups instead of the primary will allow a larger number of connections
in less time.
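
An added illustration of the port-25 connection-rate defense described in the last paragraph of the message above; it is not part of the original message. The window length, both thresholds, the resume rule and the sample events are assumptions constructed for the example, and the replay also counts how many attempts from the one legitimate sender are refused while the gate is closed.

```python
from collections import deque

LEGIT = "192.0.2.10"  # constructed sample address (documentation range)


class Port25Gate:
    """Aggregate limiter: counts attempts from all sources together,
    since the attacking sources are not known in advance."""

    def __init__(self, window_ms=10_000, trip_at=50, resume_at=20):
        self.window_ms = window_ms  # sliding window length (assumed value)
        self.trip_at = trip_at      # attempts in window above which we stop accepting
        self.resume_at = resume_at  # attempts in window at or below which we resume
        self.recent = deque()       # timestamps of every attempt, accepted or refused
        self.accepting = True

    def on_attempt(self, now_ms):
        """Record one attempt; return True if the connection should be accepted."""
        self.recent.append(now_ms)
        while self.recent[0] <= now_ms - self.window_ms:
            self.recent.popleft()   # drop attempts that left the window
        rate = len(self.recent)
        if self.accepting and rate > self.trip_at:
            self.accepting = False
        elif not self.accepting and rate <= self.resume_at:
            self.accepting = True
        return self.accepting


def constructed_events():
    """Constructed input: one legitimate attempt per second for 60 s, plus a
    2-second burst of 200 attempts from 200 distinct sources starting at t=20 s."""
    normal = [(t * 1000, LEGIT) for t in range(60)]
    burst = [(20_000 + i * 10, f"198.51.100.{i + 1}") for i in range(200)]
    return sorted(normal + burst)


def replay(events, gate):
    """Run (timestamp_ms, source) events through the gate; return (accepted, refused)."""
    accepted, refused = [], []
    for ts, src in events:
        (accepted if gate.on_attempt(ts) else refused).append((ts, src))
    return accepted, refused


if __name__ == "__main__":
    accepted, refused = replay(constructed_events(), Port25Gate())
    legit_refused = sum(1 for _, src in refused if src == LEGIT)
    print(f"accepted={len(accepted)} refused={len(refused)} legit_refused={legit_refused}")
```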