
Re: [Asrg] Lets Fix Mailing Lists

2003-03-09 17:33:50
From: Erez Zadok <ezk(_at_)cs(_dot_)sunysb(_dot_)edu>

...
My own experience is also that the vast majority of spam comes from forged
addresses that don't exist.  I personally am finding ASK, a challenge-response
personal spam filter, to be very effective in significantly reducing the rate
at which spam sneaks in.  ASK works well for me, but it does have
scalability problems if deployed widely.

How do you know that the source addresses don't exist, because your
challenge-response system gets a bounce for its challenges?  That
would at most show that they don't exist when you challenge them, and
might in some cases only show that your challenges are unacceptable
(e.g. detected by a spam filter) and so rejected from perfectly valid
and legitimate addresses.  (For example, if your challenges are
substantially identical or bulk, then they are likely to be rejected
by spam filters like the DCC and Pyzor/Razor.)

Assuming that your vast majority of addresses in fact do not exist,
how do you know that none of the spammers owned the addresses they
are using in the reasonably recent past, perhaps even when they queued
the spam on the open relay or other SMTP client?  For example,
how do you distinguish "never existed" from "terminated for spamming"?
Do you consider both cases to be "forged?"  I hope not.

That distinction is significant, because contributors to this mailing
list have claimed that some forgeable spam defenses are impossible,
because they believe forgery is extremely common.  Others have claimed
that spam defenses based on validating sources would be sufficient
using similar reasoning.  Both reasons are bogus if forged spam
is in fact relatively rare, although the claims might still be valid
for other reasons.

It's also worth quantifying the total from which that or any "vast
majority" is drawn.  For example, conclusions based on 5000 messages
sent toward a handful of addresses should convince no one of much of
anything.


As others have said, numbers with complete disclosure of what
they mean would be good.

As I keep saying, I agree that plenty of spam has forged sources.
The question is whether that "plenty" is 1%, 10%, 50%, or 99%.  As I
said, my guess is ~10%.  Note that I used the word "guess."  I wish
that everyone else who is guessing would admit as much.  As far as I
can tell, everyone is guessing.



Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
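
Added example, not part of the original message: one way to keep apart the cases the reply distinguishes when counting bounces of challenges, and to report them against the total number of challenges sent. It assumes the bounces carry RFC 3463 enhanced status codes in a DSN `Status:` field; the function names, category labels and sample bounces are constructed for illustration.

```python
import re
from collections import Counter

# RFC 3463 enhanced status code in a DSN per-recipient "Status:" field.
STATUS_RE = re.compile(r"^Status:\s*([245])\.(\d{1,3})\.(\d{1,3})\s*$", re.M | re.I)

def classify_bounce(dsn_text):
    """Say what a bounced challenge shows about the sender address, and no more."""
    m = STATUS_RE.search(dsn_text)
    if not m:
        return "unclassified"              # free-form bounce: no evidence either way
    cls, subject, detail = (int(g) for g in m.groups())
    if cls == 4:
        return "transient"                 # still being retried, nothing proven
    if cls == 5 and subject == 1 and detail in (1, 2):
        # Bad mailbox or bad destination system. This is true only at challenge
        # time: "never existed" and "terminated for spamming" look identical.
        return "absent_at_challenge_time"
    if cls == 5 and subject == 2 and detail == 1:
        return "mailbox_disabled"          # known to the host, not accepting mail
    if cls == 5 and subject == 7:
        return "challenge_refused"         # policy or filter rejection; address may be valid
    return "other"

def tally(bounces, challenges_sent):
    """Count each category and express it as a share of all challenges sent."""
    counts = Counter(classify_bounce(b) for b in bounces)
    counts["no_bounce"] = challenges_sent - len(bounces)
    shares = {k: v / challenges_sent for k, v in counts.items()}
    return counts, shares

# Constructed sample bounces (delivery-status fragments), not real data.
SAMPLE_BOUNCES = [
    "Final-Recipient: rfc822; a@example.com\nAction: failed\nStatus: 5.1.1\n",
    "Final-Recipient: rfc822; b@example.net\nAction: failed\nStatus: 5.7.1\n"
    "Diagnostic-Code: smtp; 550 5.7.1 bulk mail refused\n",
    "Final-Recipient: rfc822; c@example.org\nAction: failed\nStatus: 5.2.1\n",
    "Sorry, your message could not be delivered.\n",
    "Final-Recipient: rfc822; d@example.com\nAction: delayed\nStatus: 4.4.1\n",
]

if __name__ == "__main__":
    counts, shares = tally(SAMPLE_BOUNCES, challenges_sent=10)
    for category, n in sorted(counts.items()):
        print(f"{category:26s} {n:3d}  {shares[category]:.0%} of 10 challenges")
```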