Yet another address harvesting analysis idea

Supposedly if you put a newly installed, unpatched Windows box on the
'net, with an Outlook address book full of fresh spamtrap addresses, you'll
start getting spam to those addresses in something like 3 hours.

And if you buy a recently expired domain name and set up an SMTP server
for it, then you will receive incoming email for quite a long period of
time. Each one of those messages will have valid From and CC email
addresses that you could collect.

In order to truly secure the net against spammers we would need to secure
both the email system and the DNS system. I use the word "system" in the
context of General Systems Theory, to refer to everything connected with
the transport of email across the Internet including the users, their
interfaces, the MUAs, the MTAs and the protocols. Similarly for DNS, I
include things like the domain name registries and registrars and their
policies.

Bandaid fixes only buy time, they don't fix the problem.

--Michael Dillon

P.S. ASRG is a good idea because it is systematically collecting and
validating a lot of what we know about spam to make it easier for
decision makers to understand the issues.
http://www.irtf.org/asrg/

-----BEGIN PGP SIGNED MESSAGE-----

In order to truly secure the net against spammers we would
need to secure both the email system and the DNS system.
I use the word "system" in the context of General Systems Theory,
to refer to everything connected with
the transport of email across the Internet including the users, their
interfaces, the MUAs, the MTAs and the protocols. Similarly for DNS, I
include things like the domain name registries and registrars
and their policies.

And we would need to protect the edges so that spammers can't just
announce some netblock and spam the hell out of you, retract the
announcement and be as clean as babies (after washing them :wink:).

For instance atm in IPv6 some entity is announcing 2001:248::/32
from a Japanese ASN, with a sole upstream AS in Hungary.
I also saw a deallocated 6bone block being used to try to
circumvent a firewall rule: announce the old block and
hope the stupid admins didn't remove the old allow rules.

For the above to happen we really need a good filtering system
in place allowing the router to decide if an announced prefix
is really valid, if it really belongs to the originator, and
if the originator is allowed to announce it.
ORF is a start, but that only works between two boxes and basically
tells the peer which prefixes you want to accept; you will
still need to configure that on every single router. What we
really need is a way of inserting a prefix filter list into BGP,
so that when a new allocation comes up that allocation can be added
to the list quickly and announced per BGP.
Things like trusting the source ASN are then another
step. Unfortunately we cannot control the complete internet, as
there will always be rogue operators, but we can make the best
of it and try to exclude those networks from doing harm to
the rest of the world. It's all about trust, and sometimes
that is a hard thing to find in this world.

Greets,
Jeroen
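The filtering Jeroen describes above (is the prefix allocated, does it belong to the originator, and is the originator allowed to announce it) is what route-origin validation later formalised. The following is an added example, not code from this thread or from any router vendor: a small Python model of such a filter. The allow-list is shaped like an RPKI ROA (prefix, authorised origin ASN, maximum prefix length), the prefixes and ASNs in it are constructed documentation values, and the "deallocated" list models the retired 6bone space he mentions; the verdict names (`valid`, `invalid-origin`, `invalid-length`, `unknown`, `deallocated`) are this example's own.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Constructed allow-list, shaped like RPKI ROAs:
# (allocated prefix, authorised origin ASN, longest prefix length that may be announced).
# 2001:db8::/32 and 192.0.2.0/24 are documentation prefixes; the ASNs are private-use
# numbers. None of these are real allocations.
ALLOWLIST: List[Tuple[str, int, int]] = [
    ("2001:db8::/32", 64500, 48),
    ("192.0.2.0/24", 64501, 24),
]

# Constructed list of address space that has been returned and must never be announced.
# 3ffe::/16 is the former 6bone experimental space (retired in 2006); the IPv4 entry
# is a hypothetical example of a returned block.
DEALLOCATED: List[str] = ["3ffe::/16", "198.51.100.0/24"]


@dataclass(frozen=True)
class Announcement:
    """A BGP UPDATE reduced to the two fields origin validation looks at."""
    prefix: str
    origin_asn: int


def classify(ann: Announcement) -> str:
    """Decide whether an announcement should be accepted.

    Returns one of:
      "deallocated"    - prefix lies inside returned address space
      "valid"          - covered by an allow-list entry with matching origin and length
      "invalid-length" - right origin, but more specific than the allocation permits
      "invalid-origin" - covered by an allocation, but announced from the wrong ASN
      "unknown"        - no allocation on file covers this prefix
    """
    # strict=True rejects prefixes with host bits set, which are malformed announcements.
    net = ipaddress.ip_network(ann.prefix, strict=True)

    for dead in DEALLOCATED:
        dead_net = ipaddress.ip_network(dead)
        if dead_net.version == net.version and net.subnet_of(dead_net):
            return "deallocated"

    covered = False
    right_origin = False
    for allowed, asn, maxlen in ALLOWLIST:
        allowed_net = ipaddress.ip_network(allowed)
        if allowed_net.version != net.version or not net.subnet_of(allowed_net):
            continue
        covered = True
        if asn == ann.origin_asn:
            right_origin = True
            if net.prefixlen <= maxlen:
                return "valid"

    if not covered:
        return "unknown"
    return "invalid-length" if right_origin else "invalid-origin"


def filter_announcements(anns: List[Announcement]) -> Tuple[List[Announcement], List[Tuple[Announcement, str]]]:
    """Split announcements into those to install and those to drop, with the reason."""
    accepted: List[Announcement] = []
    rejected: List[Tuple[Announcement, str]] = []
    for ann in anns:
        verdict = classify(ann)
        if verdict == "valid":
            accepted.append(ann)
        else:
            rejected.append((ann, verdict))
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample feed: one legitimate announcement, one hijack of the same
    # prefix from another ASN, one over-specific announcement, one from retired space.
    sample = [
        Announcement("2001:db8::/32", 64500),
        Announcement("2001:db8::/32", 64999),
        Announcement("2001:db8:1::/49", 64500),
        Announcement("3ffe:100::/24", 64500),
    ]
    ok, dropped = filter_announcements(sample)
    for ann in ok:
        print("ACCEPT", ann.prefix, "from AS", ann.origin_asn)
    for ann, why in dropped:
        print("DROP  ", ann.prefix, "from AS", ann.origin_asn, "->", why)
```

Whether an "unknown" prefix is accepted or dropped is a policy choice left to the caller here: dropping it is the strict reading of Jeroen's proposal, while accepting it (as real deployments of origin validation usually do) trades some protection for not blackholing allocations the list has not caught up with yet.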