On 9/3/06, Frank Ellermann <nobody at xyzzy.claranet.de> wrote:
>
> I guess we disagree about this, but as long as you reject all
> SPF FAIL it won't affect me personally. I won't mind if you
> challenge an SPF PASS from me, I'm free to ignore it or to
> answer it - depends on what I want, I answer challenges from
> say ICANN or IANA (again and again... so far ;-).
Thank you for the feedback. Misdirected indiscriminate bounces are a major problem, so it is natural to presume that a widely enacted anti-spam system based on bounces would be absolutely disastrous. But what if bounces were not indiscriminate but were instead highly selective, as I propose in a system that has been referred to as PER-CORRESPONDENT ADDRESS combined with CHALLENGE/RESPONSE sub-flavor MUA AUTO-RESPONSE?
I call attention to the Ironport report on bounces. It provides the most useful data on the bounce problem that I've seen so far. The report is free from:
http://www.ironport.com/company/ironport_pr_2006-04-24.html
To summarize the hard data:
- 9% of global email traffic is misdirected bounce mail, 71% is spam/viruses/phishing, and 20% is legitimate.
- Less than 0.5% of bounce messages make it through to the end user.
- 20% or more of what a spammer sends is bounced because of invalid addresses.
- 55% of Fortune 500 companies have experienced partial or total disruptions of service due to bounce-caused DDoS.
- There are 4.5 billion misdirected bounce messages per day. 10% of these have valid addresses, resulting in 450 million reaching mailboxes each day.
For my system to be highly effective I will assume that one of the better email filters is being used and that 4% of spam and 4% of ham gets bounced. I pick these numbers as the graphs of filter performance at:
http://sam.holden.id.au/writings/spam2/
Allowing a 4% bounce rate of suspected ham and spam transforms the top performing spam filters into nearly perfect filters. Keep in mind that the data from the above website was generated prior to current email authentication practices, and of course it doesn't take into account the fact that the use of sub-addresses on incoming mail will further improve filter performance. Filter performance would therefore likely be superior when used for my proposed system.
The following is an analysis of how a properly implemented bounce-based anti-spam system would impact the areas that are of the most concern when we think of misdirected bounces:
Effect on global email traffic
I will assume that 50% of global email accounts are protected by this system.
(4% spam bounced)*(71% global spam)*(50% participation) = 1.42%
(4% ham bounced)*(20% global ham)*(50% participation) = 0.4%
50% of the global email population is almost totally protected from spam at the cost of a 1.82% absolute increase in global email traffic.
Effect on DDoS
Currently if a spammer sends 100 million spam emails using the return address of a single company then 20 million misdirected bounces would hit that company's system. We will generously assume that 80 million of these spam emails target real addresses. Assuming 50% of the global population uses this system then:
(80 million)*(50%)*(4%) = 1.6 million additional emails will hit the company's system resulting in a total of 21.6 million, an 8% increase in bounce volume.
This 8% increase in volume during a DDoS should be weighed against the benefit of nearly totally blocking spam to 50% of the global population.
Actually a good filter is unlikely to mistake an unauthenticated email sent from a dubious server with a legitimate email from a Fortune 500 company. The true increase in the volume of bounce DDoS attacks for large companies is likely much less or almost non-existent.
Effect of diverting spam on the inboxes of third parties
Again assuming 50% of the global population uses this system:
(50%)*(4%) = 2% relative increase in the amount of "spam" sent globally.
(2%)*(10% of spam that spoofs an existing 'From' address) = 0.2% relative increase in global spam directed at real addresses.
50% of these misdirected spam bounces will target users of this system. Since the sub-address reproduces the benefit of BATV, users of this system will be perfectly protected from these bounces. So only the remaining 50% of the global email population will face a 0.2% increase in the amount of spam.
This also assumes that the third parties are not using other mechanisms, such as BATV, to stop bounces. This bounce spam will still need to face all of the anti-spam mechanisms of the third party; content filters will still be able to evaluate the spammy material in the bounce. The bounce will contain the IP of the server that originated the spam so that the bounce recipient's filter can evaluate its reputation.
On average we have at most a 0.2% increase in the average spam burden among nonusers of this system. As with DDoS attacks, a small number of individuals may be disproportionately affected, but as with the DDoS example above these individuals will face at most an 8% increase in the amount of bounce spam. This slight increase in the amount of spam received by a small fraction of users is again weighed against the benefit of 50% of the population being free of spam.