ietf-asrg

Re: [Asrg] Measurements on spam

2003-03-11 11:22:15
Phillip Hallam-Baker asks for empirical information on, among other things:

1) Spam transport mechanisms
      Percentage of spam sent through open relays
      Percentage of spam that has a bogus from address
      Percentage of spam that does not comply with RFC 822 

I'm quite interested in the transport side of things as part of a thought
experiment I'm running about how effective throttling could be.  I'd like
statistics generally on where spam comes from when it gets to a legitimate
SMTP server.

        Open relays
        Spammer servers
        Legitimate outbound SMTP servers through which "work at home" 
                minions are spamming
        Directly from "work at home" machines

Further, when spam arrives, is it bursty? Does it arrive in clumps from
small numbers of sources or is it buried uniformly among legitimate traffic
from all sources?

I know there are some spam archives, and it is worth looking at all the
headers there, but I think the sampling would be quite thin.

Alternatively, if a few largish ISPs would be willing to make data files
containing <timestamp, source IP, #addresses, spam-flag> tuples
available for a week or so worth of traffic, then it would be quite 
interesting.

The spam flag could come from, say, spamassassin, and wouldn't have to be
all that accurate to get some useful data.

An analysis of such data files, augmented with guesses made from reverse
dns lookups, might classify the sources of spam and their time-domain
characteristics.

Aside from spam,  it would be mighty fun to know about the worldwide
source destination traffic matrix for email.

-Larry


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
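
The analysis proposed in the message above, sketched as an added example that is not part of the original post: it reads <timestamp, source IP, #addresses, spam-flag> tuples and measures how concentrated spam is among sources and how clumped its arrivals are. The whitespace-separated record layout, the sample records, and the choice of the Fano factor (variance over mean of per-bin counts) as the burstiness measure are assumptions made here.

```python
from collections import Counter
from statistics import mean, pvariance

# Constructed sample, not real traffic. Assumed layout, one record per line:
# <epoch seconds> <source IP> <number of recipient addresses> <spam flag 0/1>
SAMPLE = """\
0 203.0.113.5 1 0
60 203.0.113.6 1 0
120 192.0.2.10 50 1
125 192.0.2.10 50 1
130 192.0.2.10 50 1
135 192.0.2.10 50 1
140 198.51.100.7 20 1
150 203.0.113.5 2 0
200 203.0.113.8 1 0
290 203.0.113.6 1 0
295 198.51.100.7 30 1
"""

def parse(text):
    """Return (timestamp, ip, n_addresses, is_spam) tuples, skipping blank lines."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            ts, ip, n, flag = line.split()
            rows.append((int(ts), ip, int(n), flag == "1"))
    return rows

def source_concentration(rows, top=1):
    """Share of spam recipient addresses sent by the `top` busiest source IPs."""
    per_source = Counter()
    for _, ip, n, is_spam in rows:
        if is_spam:
            per_source[ip] += n
    total = sum(per_source.values())
    return sum(c for _, c in per_source.most_common(top)) / total if total else 0.0

def fano_factor(rows, bin_seconds, spam):
    """Variance/mean of per-bin message counts over the whole capture window.
    Near 1 for Poisson-like arrivals, well above 1 when arrivals come in clumps."""
    if not rows:
        return 0.0
    start = min(r[0] for r in rows)
    counts = [0] * ((max(r[0] for r in rows) - start) // bin_seconds + 1)
    for ts, _, _, is_spam in rows:
        if is_spam == spam:
            counts[(ts - start) // bin_seconds] += 1
    avg = mean(counts)
    return pvariance(counts) / avg if avg else 0.0
```

On the constructed sample, with 60-second bins, one source accounts for 80% of spam recipient addresses and spam arrivals are strongly over-dispersed, while the non-spam messages fall one per bin.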


