
Re: [Asrg] Spam detection system proposal



On Wed, 5 Mar 2003, Chris Lewis wrote:

> The question is associating the messages to get your counts.

No, you just associate IP address to count.  You can't possibly
associate to the message, because failed RCPT TO: commands never
get to the DATA phase.

> A spammer merely needs to have a big set of open proxies/relays and
> seriously randomize froms, and you can no longer generate counts of
> anything because you can't associate report "a" with report "b".

It is quite expensive to gather a large set of open relays.  If you're
sending out 500K messages, and you want to limit it to 1,000
messages/IP, you need to find 500 open relays.

Also, a lot of spammers are pretty unsophisticated and send from DSL
or cable-modem lines.  This scheme would get them pretty fast.

> Based on IPs and Froms, it'd be no better, and considerably worse
> once the spammers notice and evolve.

We need experiments to tell for sure.

--
David.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
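
The per-IP counting of failed RCPT TO: commands described in the message above, as an added example that is not part of the original post or of the proposal's own code. The log format, the threshold of 3 and all names are assumptions made for illustration, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical report format:
# <reporting-server> <client-ip> RCPT TO:<address> <smtp-reply-code>
SAMPLE_LOG = """\
mx1.example.net 192.0.2.10 RCPT TO:<aaa@example.net> 550
mx1.example.net 192.0.2.10 RCPT TO:<aab@example.net> 550
mx2.example.org 192.0.2.10 RCPT TO:<aac@example.org> 550
mx2.example.org 192.0.2.10 RCPT TO:<bob@example.org> 250
mx1.example.net 198.51.100.7 RCPT TO:<alice@example.net> 250
mx1.example.net 198.51.100.7 RCPT TO:<alcie@example.net> 550
mx2.example.org 203.0.113.5 RCPT TO:<carol@example.org> 250
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+RCPT TO:<[^>]*>\s+(\d{3})$"
)

def count_failed_rcpt(log_text):
    """Return {client_ip: {"failed": n, "total": n, "reporters": set}}.

    The key is the connecting IP only: a rejected RCPT TO: never reaches
    DATA, so there is no message content to correlate reports on.
    """
    stats = defaultdict(lambda: {"failed": 0, "total": 0, "reporters": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        reporter, ip, code = m.groups()
        entry = stats[ip]
        entry["total"] += 1
        if code.startswith("5"):  # permanent rejection, e.g. unknown user
            entry["failed"] += 1
            entry["reporters"].add(reporter)
    return dict(stats)

def flag_ips(stats, min_failed=3):
    """IPs whose failed-RCPT count reaches the (assumed) threshold."""
    return sorted(ip for ip, s in stats.items() if s["failed"] >= min_failed)

if __name__ == "__main__":
    stats = count_failed_rcpt(SAMPLE_LOG)
    for ip in flag_ips(stats):
        s = stats[ip]
        print(ip, s["failed"], "of", s["total"], "from", len(s["reporters"]), "servers")
```

Randomized From addresses do not change these counts, because the sender address is never part of the key; spreading the run over more source IPs does, which is the cost argument made in the message.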