Keeping unique MD5's over the lifetime of the system is
impractical and
will eventually start encroaching on the "hammering distance"
issue.
Maybe for some, we have infrastructure that handles 6 billion
transactions on data sets of many Gb. So there is an existence
proof at least :-)
If there is a business model this type of scheme can be
deployed, my concern is that I would prefer we looked at
mechanisms that did not require such quantities of hardware.
Looking at the various spam gangs on the net there are
major differences in the level of sophistication. The
Nigerian gangs don't appear to have got much beyond working
out how to use CAPS LOCK. You can detect a risible proportion
of Nigerian letters simply by scanning for 'modalities of the
transaction'.
Rather than use an MD5 approach I would prefer to use
something that was rather more adaptive and reactive. The
spam senders can clearly react faster than we can turn out
standards. I think this is a case where Java or C# mobile
code approaches could have an application. This would allow
the fingerprint matching technology to evolve in response
to attempts to defeat it.
One of the features of the cricumvention technology is that
its use can provide some of the best spam indicators. For
example any subject line that has a string of whitespace and
random non text garbage appended at the end has a huge
probability of being spam.
If we get to the point where the only spam being sent is
being sent by a small number of offshore spam houses using
ever more convoluted tactics to defeat spam filtering
technology the business will start to shrink very quickly.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg