[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Please critique my anti-spam system

To: "Seth Breidbart" <sethb at panix.com>
Subject: Re: [Asrg] Please critique my anti-spam system
From: "Michael Kaplan" <mkaplansolution at lycos.com>
Date: Mon, 10 Jan 2005 02:06:09 -0500
Cc: asrg at ietf.org
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-bounces at ietf.org

> >> > Let's do the math.  A spammer finds 5% of his spam reaches people.
> >> Way high.
> >
> > Define reach. Hit the disk or eyeball? Sorry if I'm behind here.
> > I think MORE reaches people.
> 
> Hits the eyeball, since disks don't buy stuff.
> 
> We'd have to get good estimate from someplace like AOL.
> 
> Also, a lot of place block at the IP level, so the spam never gets in
> to the spambox in the first place.

I would like to correct my math.  If I may quote from my own website:

"Email service providers will continue their practice of blocking the bulk of email that is suspected of being spam even before it is accepted.  Bounces are never sent to this vast amount of probable spam that is rejected at edge."

One member of this list estimated that 90% of spam was eliminated at the
periphery, before content filtering occurs.  Spam sent with a valid sub-address
will still be subjected to this blocking.

Also there is really no limit to the number of bogus email accounts that could
be fed to spammers.  I mentioned a 2:1 ratio of bogus account to real accounts.
If this isn't enough then how about a 10:1 ratio?  Conventional thinking is that
spammers don't care about bogus address - but now they will.

I would also reiterate the impossibility that a company can exist in the developing
world that would decode CAPTCHA for a legitimate company (Paypal, Amazon, etc.),
then also sell the same decoded list spammers, and expect to keep that
company's business for more than a week.  It would become INSTANTLY obvious that
the company was dishonest when every decoded address is then flooded with spam.
Also remember that a company such as Amazon is not paying to decode billions of CAPTCHA
a year, they would likely only need to decode less than 100,000 (and they are an
enormous internet company).  100,000 addresses wouldn't even approach the daily needs
of a spammer.

A lot is being made of the concept that with a decoded address a spammer can send
you an enormous amount of spam in a single day.  The spammer would much prefer to
send you 1 spam every day than 300 on a single day.  I would much rather receive
an enormous amount of spam once every few months than receive a little bit each day.

Michael Kaplan

-- 
_______________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10


_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] Please critique my anti-spam system
  - From: Bill Cole
- Re: [Asrg] Please critique my anti-spam system
  - From: Seth Breidbart
- Re: [Asrg] Please critique my anti-spam system
  - From: Laird Breyer
- Re: [Asrg] Please critique my anti-spam system
  - From: Devdas Bhagat

Prev by Date: RE: [Asrg] Please critique my anti-spam system
Next by Date: [Asrg] joe.debba@example.com and joe.beebe@example.com
Previous by thread: RE: [Asrg] Please critique my anti-spam system
Next by thread: Re: [Asrg] Please critique my anti-spam system
Index(es):
- Date
- Thread