Just wondering what % of spam comes from zombies ?

Capt'n Midnight

http://news.com.com/Microsoft+pushes+spam-filtering+technology/2100-7355_3-5758365.html?tag=st.pop

If your e-mail does not have a Sender ID, Microsoft wants to junk your message.
Sometime around November, Hotmail and MSN will flag as potential spam those messages that do not have the tag to verify the sender, Craig Spiezle, a director in the technology care and safety group at the software maker said Wednesday. The move is meant to spur adoption of Sender ID, he said.

But won't zombies have a valid Sender ID ?
so what would it acomplish except target spammers who already have a tracable ISP account - or am I missing something ?

ressem

It won't really cut down on spam, it'll make spoofing a bit more difficult.
SPF's HELO can be spoofed but MS's patented, licensed PRA should be a little better if any mail servers are allowed use it.
Better than rDNS anyways which couldn't be obtained from many ISPs.

Most zombies won't have a domain record, other than the ISPs address block, so they wont have an SPF record. Only their ISP's SMTP out server will.

If you need to spoof mail a domain that isn't in your control, zombies might steal authentiation info or use free ISPs with shared logins, use ISP's SMTP/webmail servers as a relay if they need to decrease their spam score. There might be an increase in zombies and virii using mapi again rather than their own smtp server.

Nothing stopping people from getting a domain for a fiver and throwing a few million mails through it, before it's reported and domain wholesaler has to shut it down.