David F. Skoll wrote:

> Right. Are you sure you read my proposal? If you can be an
> omniscient being and see what happens to every message sent in a
> bulk-email run, I believe you will see a difference between spamming
> and legitimate bulk e-mailing.

The question is associating the messages to get your counts.

A spammer merely needs to have a big set of open proxies/relays and
seriously randomize froms, and you can no longer generate counts of
anything because you can't associate report "a" with report "b".

I have some considerable experience with this having built a tool that
attempts to group "similar" already-blocked spams from multiple IPs
within a given IP range to send off LARTs. Based on subject lines, with
considerable hackery to strip hashbusters, and lump, say, all "horsy"
spam together, I'm getting about a 40% success rate. Based on IPs and
Froms, it'd be no better, and considerably worse once the spammers
notice and evolve.

Some of the existing distributed methods based upon body checking do a
better job at this, because it's very hard to make the payload vary that
much to fool the hash preprocessing and still sell what you want to sell.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
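
As an added illustration (not code from the post, nor the tool its author describes): a sketch of grouping blocked-spam reports within an IP range by subject after stripping hashbusters, compared with grouping by From. The sample reports, the hashbuster heuristic, the /24 range size and the function names are all assumptions made for this example.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample reports (source IP, From, Subject); not real data.
REPORTS = [
    ("192.0.2.10", "a8f@example.net", "Horsy pills cheap!!!      xk3j9q"),
    ("192.0.2.77", "zz1@example.org", "horsy pills CHEAP   qpw8e2zz"),
    ("192.0.2.200", "m0q@example.com", "H.o.r.s.y pills cheap"),
    ("192.0.2.31", "bob@example.net", "Meeting notes for Tuesday"),
    ("198.51.100.5", "k2@example.org", "Horsy pills cheap 77aab1"),
]

def normalize_subject(subject):
    """Reduce a subject line to a stable key for grouping."""
    s = subject.lower()
    # Undo punctuation inserted between letters ("h.o.r.s.y" -> "horsy").
    s = re.sub(r"(?<=\w)[.\-_*](?=\w)", "", s)
    tokens = re.findall(r"[a-z0-9]+", s)
    # Assumed heuristic: a token mixing letters and digits is a hashbuster.
    kept = [t for t in tokens
            if not (re.search(r"\d", t) and re.search(r"[a-z]", t))]
    return " ".join(kept)

def group_reports(reports, key, prefix=24):
    """Group reports by (IP range, key(report)).

    Only groups seen from two or more distinct IPs are returned, since
    those are the ones that associate report "a" with report "b".
    """
    groups = defaultdict(set)
    for report in reports:
        net = ip_network(f"{report[0]}/{prefix}", strict=False)
        groups[(str(net), key(report))].add(report[0])
    return {k: sorted(ips) for k, ips in groups.items() if len(ips) > 1}

if __name__ == "__main__":
    by_subject = group_reports(REPORTS, lambda r: normalize_subject(r[2]))
    by_from = group_reports(REPORTS, lambda r: r[1])
    by_raw_subject = group_reports(REPORTS, lambda r: r[2])
    print("normalized subject:", by_subject)
    print("raw subject:", by_raw_subject)   # hashbusters defeat exact match
    print("From:", by_from)                  # randomized Froms never group
```
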