Re: [Asrg] Some data on the validity of MAIL FROM addresses

[Kee Hinckley <nazgul@somewhere.com>]

At 12:56 PM -0400 5/18/03, Fred Bacon wrote:
> I nice idea, but what we really need is the script you used to analyze
> your logs.  Then additional data can be collected at a variety of
> locations.
I will provide them.  However they are specific to CommuniGate Pro, 
and requiring turning on low-level SMTP monitoring so I can track the 
transactions.  Among other things that means that I'm getting about 
40MB of log files every night for those 40,000 bounces.  But I will 
provide the Perl libraries that I used to do the testing and generate 
the database.  Just give me a bit of time this week to do all the 
work that I was supposed to have been doing instead of this :-).

> I realize that there are many on this list who find data collection to
> be pointless, but Kee Hinckley has shown this to be incorrect.  Vernon
> Schryver's assertions were useless (even if correct) without hard
> evidence, and Kee's data is insufficient without wider deployment.
Yes.  It's limited data, and it's from an odd system.  Somewhere's 
email is somewhat abnormal compared to most companies or 
ISPs--although it probably looks more like a small ISP.

> Likewise, Vernon's followup that Kee is analyzing a different statement
> than Vernon asserted is a legitimate concern.  The data analysis
> methodology should be publicly vetted to ensure that it is providing
> meaningful and acurate data.
I don't think we're that far off.  The main issue is that spammer 
drop boxes get shut down--so the longer it is before you run the 
test, the less likely you are to get a valid email address.  (I've 
considered testing that assertion.  I might try periodically 
retesting addresses and seeing if disappear.)

At 2:49 PM -0400 5/18/03, Yakov Shafranovich wrote:
> Therefore, it is not possible to determine with certainty whether 
> these accounts actually existed. A better testing strategy would 
> actually send email to these accounts with the DATA command and 
> watch for bounce messages. However, spammers can always choose to 
> use a real email address as the return address and sending email to 
> valid accounts in itself may be considered spam by the recipients.
Yes.  I should have noted that this will report some number of items 
as valid when they are not.  However unless (as someone as asserted) 
the major ISPs are doing this, it doesn't impact the numbers we see 
for them.

Sending real messages is a bit risky for reasons other than just 
getting spam.  First of all, you can't send a bounce messages with no 
MAIL FROM (which you normally would) because you want to see the 
result.  Secondly, you run the risk of getting blacklisted as a 
spammer if you send too many test messages.  (Yes, it has happened to 
me.)
--
Kee Hinckley
http://www.messagefire.com/          Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg