ietf-asrg

Re: [Asrg] Spam detection system proposal

2003-03-05 09:26:33
On Wed, 5 Mar 2003, Keith Moore wrote:

Consider:  To receive DSN notifications, the spammer can expect to
receive between 10-20% of all the mail he sends out.  Sending
1,000,000 messages to different addresses is cheap.  Receiving 100,000
to 200,000 copies of that same message to a single address (or even a
few addresses) is not.

so the spammer pays that price once to clean up his list, and after
that, he only gets a few bounces back each time.

I believe that even that one-time price is sufficiently high to deter
a lot of spammers.

Furthermore, the system can be tuned.  For example, it might be
possible to send to the clearing house the SHA1 hash of each recipient
address (hash to preserve privacy) as well as the success/failure
notification.  The next time the spammer spams, if you notice a lot of
recipient addresses that were the same as a previously-detected spam
run, you can use that as an indication of spam.  Again, my intuition
tells me that the exact address lists used by spammers are very
different from legitimate mailing lists.

This enhancement would be pretty expensive to implement, but is
doable.  It means that anyone who cleans a list with a lot of bad
addresses will find his remaining list of good addresses is marked as
suspect.

This does, as you say, hurt infrequent mailers.  That's an unavoidable
side-effect.

If the spammer doesn't want to receive the message body in the DSNs,
he or she will have to use a bulk precedence header. :-)

which is not an indication of spam, and shouldn't be treated as such.

That's true, but forcing any kind of detectable behaviour onto spammers
is a good thing.  Even apart from detecting spam, the bandwidth
saved by not bouncing bodies is good for everyone.

--
David.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
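
The hashed-recipient overlap check proposed in the message above, as an added example that is not part of the original post. The `ClearingHouse` class, the 50% threshold, the minimum mailing size, the address normalisation and the sample addresses are all assumptions made for illustration.

```python
import hashlib

def hash_recipient(addr):
    # Assumption: trim and lowercase before hashing so all reporters agree.
    # An unsalted SHA-1 only hides the address from casual view; anyone
    # holding a candidate address can hash it and test for a match.
    return hashlib.sha1(addr.strip().lower().encode("utf-8")).hexdigest()

class ClearingHouse:
    """Hypothetical clearing house: keeps recipient-hash sets of known spam runs."""

    def __init__(self, threshold=0.5, min_recipients=5):
        self.threshold = threshold            # assumed: share of reused recipients
        self.min_recipients = min_recipients  # assumed: ignore very small mailings
        self.spam_runs = []

    def record_spam_run(self, hashes):
        self.spam_runs.append(frozenset(hashes))

    def max_overlap(self, hashes):
        """Largest fraction of this mailing's recipients seen in one earlier spam run."""
        new = set(hashes)
        if not new:
            return 0.0
        return max((len(new & run) / len(new) for run in self.spam_runs), default=0.0)

    def is_suspect(self, hashes):
        new = set(hashes)
        return len(new) >= self.min_recipients and self.max_overlap(new) >= self.threshold

def hashes_of(addresses):
    return [hash_recipient(a) for a in addresses]

# Constructed sample data (not from the original message).
FIRST_RUN = [f"user{i}@example.com" for i in range(10)]   # detected spam run
CLEANED = FIRST_RUN[:7]                                   # same list, 3 bounces removed
NEWSLETTER = ["user0@example.com"] + [f"member{i}@example.org" for i in range(9)]

if __name__ == "__main__":
    ch = ClearingHouse()
    ch.record_spam_run(hashes_of(FIRST_RUN))
    for name, rcpts in (("cleaned list", CLEANED), ("newsletter", NEWSLETTER)):
        h = hashes_of(rcpts)
        print(f"{name}: overlap={ch.max_overlap(h):.2f} suspect={ch.is_suspect(h)}")
```

The cleaned list scores full overlap with the earlier run even though every bounced address was removed, while the constructed newsletter shares only one recipient and stays below the threshold.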