ietf-asrg

Re: [Asrg] Spam detection system proposal

2003-03-05 13:01:36
From: jm(_at_)jmason(_dot_)org (Justin Mason)

David F. Skoll said:

...

[clearinghouse of sources of mail sent to bad addresses]

- what about randomised sender addresses?  Some spamtools will generate
  a new random From: addr for each recipient.  I fear the relay IP
  address is the only trustworthy source id that can be used...

Not only do some spammers forge random source addresses (now often
from their target lists), but they also use open proxies and relays
so that the IP address varies and is not a reliable mark of evil.

Worse, looking for delivery failures is still looking for side issues.
A batch of bulk mail sent to 1000 bad addresses is not necessarily
spam any more than a batch of bulk mail that mentions Viagra.

What happens if a big ISP accidentally messes up its user database
for a few hours and so bounces a bunch of copies of mail from a list?
Does that make messages from this list spam?

"Spam" is unwanted mail, with "unwanted" determined by individual
targets.  One person's spam is another person's important newsletter,
regardless of whether 1000 other copies bounce, whether the messages
came through an SMTP relay or TCP proxy, or it mentions Viagra.


Again, if you are going to do distributed spam detection (as opposed
to the things this mailing list is chartered to consider), I think you must
look at mail bodies.  Besides the DCC, there are Pyzor and Cloudmark,
and even SpamAssassin if you squint at the updates to the default
rules right.  The DCC is currently looking at approaching 20 million
messages per day and finding that about 60% of them are extremely bulky.
See http://www.dcc-servers.net/dcc/graphs/


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com