RE: [Asrg] REDIRECt to ASRG RE: Reputation systems

["John R Levine" <johnl at iecc.com>]

> incoming spam. The XBL caught a lot more, but still less than 65% of the
> spam. But this better performance cost nearly 30 false positives (each
> of which could lead to a very irate customer for a business or
> government organization).

30 out of how many?  People I know who use the XBL and the CBL (the main
source for the XBL) tell me that the fp rate they see is very low.  This
includes people at big companies who depend heavily on e-mail.

> The numbers seem to indicate that IP-based blacklisting is essentially
> useless without further content filtering. None even came close to
> filtering 75% of spam, and some caused hundreds or thousands of false
> positives.

I hope that doesn't come as a surprise to anyone.  The advantage of DNSBLs
is that they are cheap to use and can reject mail very early in the SMTP
process.  If you can knock out 2/3 of the spam with DNSBLs, you can avoid
2/3 of the expensive content based scoring filters.

> I wonder if the same poor performance will be the output of
> domain-name-based reputation systems after MARID's work is widely
> deployed.

The only honest answer is that nobody knows.  In the forseeable future,
MARID verification will only be useful to whitelist domains known to be
friendly.

Regards,
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg