Will it work?

1 view
Skip to first unread message

Dr Dave

unread,
Mar 1, 2010, 2:25:41 PM3/1/10
to Registry
We can split this question into three parts:

1) Will there be some technical problem making the Registry less
effective than we expect?

2) Will large numbers of receivers start using the Registry, enough
that there is a significant reduction in the number of targets for
abuse.

3) Will this reduction be enough to put the botnets out of business,
or will they just find some other source of income?

First on the technical issues, we are quite confident we can do as
well as any of the commercial services now offering "protection" from
the flood of abuse on the open Internet. We have been running a
Registry for the last year, protecting one small domain, box67.com.
Performance has been better than expected - no spam in our inboxes,
and no lost message. Contrary to our initial expectation, there are
very few "marginal" senders. They are either good or bad. Legitimate
domains simply don't tolerate any abuse of their transmitters.

On the second question, we just have to look at how much money is
being spent by domains large and small to protect their email
recipients. This is a $2 billion per year industry. A free service
will certainly be attractive to those domains that can't afford these
annual fees, but would like to avoid the abuse. That leaves only the
domains that either don't care or don't know that free and effective
protection is available.

The third question is the most interesting. Botnets are supported
mostly by petty criminals pushing spam, phishing scams, and other
fraud involving bulk email. Business is already marginal [Kanich
2008]. "Break even" used to be 10 suckers for every million messages
sent out. Now it seems the botnets are getting only one "conversion"
for every 15 million messages. Cutting their "audience" by a factor
of ten will probably force them to find another "business model". Can
they make up these losses by selling DoS services? Maybe click fraud
will be enough to sustain their business.

Even if we fail to eliminate the botnets, the impact on petty crime
should be well worth the small cost of operating a network of Registry
servers.

Reply all
Reply to author
Forward
Message has been deleted
0 new messages