ietf-asrg

Re: [Asrg] Requirements for gathering statistics

2003-03-24 13:08:17
"Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> wrote:
We have two pieces of information that I think most significant:

1 Spam is growing at an exponential rate (10% a month by the most
conservative estimates).

  I would like additional data justifying that opinion.  While it's
true anecdotally for most people, I think we need a larger sample to
state it decisively.  (This is also known as "Dave Crocker wasn't
entirely wrong...")

  I would like ASRG to be able to say "we looked at the problem, and
some thousands of MTA administrators reported X amount of
spam. Statistical validity is <foo>.  Data analysis follows.  Therefore,
to address these problems, we have potential solutions A, B, and C.
The cost of these solutions is predicted to be D, E, and F.  The
effectiveness of these solutions is predicted to be G, H, and I."

2 The spam senders are using countermeasures to bypass filtering.

  Those are difficult to measure.  We *know* some spam is caught, so
that's an easy number to measure

The types of information I think IS interesting is information that
gives a handle on the character of the problem. In particular

  - Proportion that comes from list kiddies (small fry who bought 
      a list) vs garbage creators (major spamhaus)

  I'm not sure how I would tell the two apart, which is why I didn't
ask for those statistics.

  - Rates of growth of spam from different sources.

  - Whether certain countermeasures have been applied in more than
      5% of cases.

  - Proportion of spam sent through open relays - to 10% or so.

  That involves asking ISP's to determine which IP's are open relays,
which is difficult.

  The questions to blacklist maintainers would be more likely to get
this kind of information.  e.g.:

  - # of IP's determined (somehow) to be open relays
  - # of MTA's using the blacklist
  - # of queries to the blacklist
  - % of queries which return "in the blacklist"

If no spam sender ever uses forged headers we could cut out a lot
of spam simply by whitelisting for the major ISPs known to implement
rate limiting. I doubt that such will remain the case for very long.

  If spammers rate limited their sending to no more than some small
percentage of an ISP's non-spam email traffic, then I would think that
most people would say the spam problem is largely solved.

  Alan DeKok.