[Asrg] Supplemental addresses (was: Indirection as a useful tool)


Danny Angus wrote:
> It may be that the idea of indirection between logical recipients and email
> addresses has some place in the ingredients of a complete solution.


I have spent the last few years working out the operational concerns of an email security application that employs multiple addresses (which I call "supplemental addresses") for each protected inbox. I'd like to contribute to the discussion by explaining how I see supplemental addresses being of benefit to the overall anti-spam space.

The use of supplemental addresses is not, in and of itself, an anti-spam method.  By separating messages into physically separate address spaces, supplemental addresses expand the context that one can derive about a message, starting with, "what address was it sent to?".  Another question that can be answered is, "who did I originally give the address to?", which leads to answering, "how did this sender get my address?".  There are other things that can be uncovered from knowing which supplemental address was used per message.

But here's what makes supplemental addresses really interesting.  When you combine the use of supplemental addresses with pretty much any other anti-spam model, it tends to preserve the strength of the model while greatly reducing or even eliminating the negative side effects that pretty much every model contains.

To understand this better, I'd like to present an important premise that we originally believed was true, and after a few years' experience have found to be true in practice, that sets the stage for why supplemental addresses contribute to spam defenses:

If access to my inbox can be fractionated so that sources of spam use addresses which are different from sources of legitimate messages, then those supplemental addresses receiving spam can be subjected to anti-spam defenses and, more importantly, addresses that receive only legitimate messages can be completely spared from spam defenses (and their endemic shortcomings).

I recently did an assay of our users and calculated that after a few weeks of use, 90%-97% of all legitimate messages arrive on supplemental addresses that are not protected in any way from spam (sent to a "public" address), but overall spam prevention is active on those addresses that have spam sent to them.  So the net spam relief is the same with or without supplemental addresses.

So, combining supplemental addresses with a traditional content filter would still block the same number of messages as the filter alone, but since 90%-97% of legitimate mail is not subjected to the filter, the overall rate of false positives endemic to that filter would be decreased by almost an order of magnitude.  The same filter, but almost 10 times fewer false positives.

Likewise, combining supplemental addresses with white listing has the net effect of continuing to block all spam, but with 90%-97% fewer instances of challenge response (if you are using C/R in the white list scheme).

This effect holds up with every security model that I've considered.  Supplemental addresses constitute a generic approach that, when combined with other anti-spam technologies, improves the overall performance metrics of the other technologies.  I think the use of supplemental addresses is becoming more commonplace.

I hope that my particular way of viewing the role of supplemental addresses helps in the discussion.


Joe McIsaac
Reflexion Network Solutions, Inc.

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
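
The premise in the message above, as an added example that is not part of the original post or of any Reflexion code: a content filter is applied only to supplemental addresses that have received spam, and the result is scored against filtering every address. The addresses, the class and function names, the filter verdicts and the message sample are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Message:
    rcpt: str         # supplemental address the message was sent to
    is_spam: bool     # ground truth, used only to score the constructed sample
    filter_hit: bool  # verdict of a hypothetical content filter

@dataclass
class Inbox:
    issued_to: dict = field(default_factory=dict)  # address -> who it was given to
    guarded: set = field(default_factory=set)      # addresses that have received spam

    def deliver(self, msg):
        """Return (delivered, origin); only guarded addresses face the filter."""
        origin = self.issued_to.get(msg.rcpt, "unknown")
        blocked = msg.rcpt in self.guarded and msg.filter_hit
        return (not blocked), origin

def score(messages, inbox=None):
    """Return (spam_blocked, false_positives); inbox=None filters every message."""
    spam_blocked = false_pos = 0
    for m in messages:
        delivered = (not m.filter_hit) if inbox is None else inbox.deliver(m)[0]
        if not delivered:
            if m.is_spam:
                spam_blocked += 1
            else:
                false_pos += 1
    return spam_blocked, false_pos

def build_sample():
    """Constructed sample: three supplemental addresses, one of them leaked."""
    inbox = Inbox(issued_to={"user.friends@example.org": "personal contacts",
                             "user.shop@example.org": "online store",
                             "user.web@example.org": "public web page"})
    inbox.guarded.add("user.web@example.org")  # spam has been seen on this address
    msgs = [Message("user.friends@example.org", False, i == 0) for i in range(5)]
    msgs += [Message("user.shop@example.org", False, i == 0) for i in range(4)]
    msgs += [Message("user.web@example.org", False, True)]  # legitimate, but filtered
    msgs += [Message("user.web@example.org", True, i != 0) for i in range(4)]
    return inbox, msgs

if __name__ == "__main__":
    inbox, msgs = build_sample()
    print("filter on every address:", score(msgs))
    print("filter on guarded only: ", score(msgs, inbox))
```

In this sample both arrangements block the same three spam messages, while the false positives drop from three to one because nine of the ten legitimate messages arrive on addresses that never face the filter.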