[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] How about we do something about spam?

Subject: Re: [Asrg] How about we do something about spam?
From: "Chris Lewis" <clewis at nortel.com>
Date: Tue, 30 Jan 2007 13:47:54 -0500
Cc: asrg at ietf.org
In-reply-to: <Pine.GSO.4.64.0701301204480.12882@nber1.nber.org>
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <E1HAsHW-0001Rt-Dv@megatron.ietf.org> <web-4616485@bk3.webmaillogin.com> <20070128113319.GA18862@hjp.at> <17854.22871.423362.95300@world.std.com> <C7CDFCAB-477E-4174-A167-06A169856380@mail-abuse.org> <17854.31180.793466.939378@world.std.com> <DA8F3529-7F27-4BC4-8686-1A74C9EA9062@mail-abuse.org> <17854.62393.356114.929389@world.std.com> <Pine.GSO.4.64.0701300723190.10178@nber1.nber.org> <45BF6B18.2000308@nortel.com> <Pine.GSO.4.64.0701301204480.12882@nber1.nber.org>
User-agent: Thunderbird 1.5.0.9 (Windows/20061207)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel Feenberg wrote:
> On Tue, 30 Jan 2007, Chris Lewis wrote:

>> [Aside: the PBL (Spamhaus's "policy blacklist", which is essentially the
>> same as "pool addresses" was pre-primed with NJABL dynablock and has
>> been growing since.  That is _not_ "mildly effective". See
>> http://www.sdsc.edu/~jeff/spam/cbc.html]
>>
> 
> The addition of the PBL to the sbl-xbl mildly increased the
> effectiveness of blocking. I agree that the total amount blocked is
> substantial, but the PBL does not yet contribute much.

Even incrementally.  Check out Makey's stats.  Going from 80K -> 100K
ain't small potatoes, when you consider that even _before_ that,
Spamhaus typically been 70-85%.

>> Many ISPs aren't good at naming of pools and properly renaming them when
>> the machine becomes "non-generic", or placing non-pool in the middle of
>> pools.  So there is always a significant problem with non-poolish
>> machines having poolish names.  There's a substantial number of
>> providers who don't understand that naming their servers (mail or
>> otherwise) something other than 1.2.4.5.example.com is bad.
>>
> 
> Of course the nicest naming scheme is 1.2.3.4.pool.example.com, and the
> worst is pool-1-2-3-4.example.com, simply because of the way dns
> wildcards work. *.pool.example.com is only one line. pool*.example.com
> is supported by bind (or anything else that I know of).

When it boils down to it that that sort of difficulty makes little
difference to the concept.  Even if you had almost "perfect" pool
coverage, there's still a _very_ high volume of junk from non-pool areas.

>> The problem isn't just pool addresses, much as it isn't just other
>> subsets.

> I don't understand - why is that an argument against solving part of the
> problem?

It isn't, only that it's perhaps not as major a contributor to the
solution as it may appear to you.

>> Even if it were "the solution", the PBL with something like 5-6 years of
>> accumulated "pool addresses" behind it (from many many sources) should
>> demonstrate that it's no easy task.  Pool listings are _frightfully_
>> expensive in man-hours to maintain.

> More expensive than fixed sources of spam? The PBL is handicapped by its
> rule not to list any address without the permission of the ISP. When
> they drop that rule and it will be quite effective.

Ah, no.  You're missing some important detail about the PBL.  Go reread
the PBL web pages, and understand the difference between the 127.0.0.10
and 127.0.0.11 returns.

> One has to remember that MAPS killed open relays quite quickly -
> behavior modification works. The operators of MTAs behind generic
> addresses are almost all insignificant and can easily adopt a smarthost
> once they realize they need one. I understand it is hard to make major
> ISPs kowtow to RFCs. This isn't in that league of difficulty at all.

I have a lot of experience behind trying to deal with people on "pools".
 It's not as simple as you think.  Not the least being the vast number
of poorly enumerated pools.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQCVAwUBRb+S2p3FmCyJjHfhAQL1/AQArrIbfoy/r+zl/4+QeEeC3LcfmWebBHR9
khwVH8CEJh94lr3Dr0KViwF4HyVO/dp107b3DEZQmMYcIYM7woOALnq/ladTx7D/
zvGi524PZqiE8a4mAqzcAkWuTk/sInGAbrZbxu/q/PLspyd9ZdJochJga8Tr7kRY
Ax/fQaJrSRg=
=ZMQX
-----END PGP SIGNATURE-----

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

References:
- Re: [Asrg] Quarantines and block lists
  - From: gep2
- Re: [Asrg] Quarantines and block lists
  - From: Peter J. Holzer
- [Asrg] How about we do something about spam?
  - From: Barry Shein
- Re: [Asrg] How about we do something about spam?
  - From: Douglas Otis
- Re: [Asrg] How about we do something about spam?
  - From: Barry Shein
- Re: [Asrg] How about we do something about spam?
  - From: Douglas Otis
- Re: [Asrg] How about we do something about spam?
  - From: Barry Shein
- Re: [Asrg] How about we do something about spam?
  - From: Daniel Feenberg
- Re: [Asrg] How about we do something about spam?
  - From: Chris Lewis
- Re: [Asrg] How about we do something about spam?
  - From: Daniel Feenberg

Prev by Date: Re: [Asrg] Re: draft-hall-inline-dsn-01
Next by Date: Re: [Asrg] How about we do something about spam?
Previous by thread: Re: [Asrg] How about we do something about spam?
Next by thread: Re: [Asrg] How about we do something about spam?
Index(es):
- Date
- Thread