ietf-asrg

Re: [asrg] 6. proposal of solution: Using Relay Honeypots to Reduce Spam

2003-04-15 06:19:35

To really disrupt the spammers may take a number of honeypots equal to or
greater than the number of open relays. If the numbers were equal then the
honeypots would be expected to be receiving roughly half the spam, a 50%
cut in spam volume.  At that level the spammers need only double their
output to keep the same delivery level.

Clearly.  What do you think that the trend in the number of open
proxies / relays is (will be)? How long will it take us to have the
necessary number of honeypots deployed?
How expensive is it for spammers to send out duplicate messages?


This analysis neglects the complaints that many honeypot
operators can send - complaints about attempted theft of service, 
complaints about relay test messages.  These complaints multiply the 
effectiveness of honeypots since they help disrupt the entire spamming 
operation.


But surely entities which receive spam are in as good (or better) position
to complain (or sue - AOL anyone?) than the operator of what is, after all,
an entrapment device?

counter-countermeasure may be to deposit all spammed addresses in a
central database, shared by a consortium of honeypot operators.  If the spammer
uses a test address with any frequency that address will receive 
proportionately more spam than do the ordinary addresses.  Once a test 
address is identified honeypots still working can simply deliver any spam
that comes for that address, fooling the spammer.


But if the test address receives no more messages than a regular spam
target address this signature disappears. The spammer just needs a supply
of disposable addresses.


I can't see how honeypots can have a major impact on the quantity of
unwanted mail reaching my users unless undetected deployments substantially
outnumber abused relays/proxies. They'd have to form a very large majority
before they'd begin to approach the effectiveness of content-filters, surely?

I can see that they might be useful as a research tool - but I can't see
how I could use your arguments to persuade my boss to let me (fund me to)
run one (or a few) on our network.


Regards.
Jon Kyme




--
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
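
The shared-database idea discussed in this message, and the objection that the frequency signature vanishes when test addresses are not reused, can be checked on constructed data. This is an added example, not part of the original message or of any honeypot software; the function names, the `ratio` threshold and the `example.*` addresses are assumptions.

```python
from collections import Counter
from statistics import median


def pool_recipients(honeypot_logs):
    """Merge per-honeypot recipient lists into one shared count table."""
    counts = Counter()
    for recipients in honeypot_logs.values():
        counts.update(addr.lower() for addr in recipients)
    return counts


def suspected_test_addresses(counts, ratio=5):
    """Flag addresses seen at least `ratio` times as often as the median address.

    `ratio` is an assumed threshold; a real consortium would have to tune it,
    since ordinary addresses on many spam lists also recur.
    """
    if not counts:
        return set()
    baseline = median(counts.values())
    return {addr for addr, n in counts.items() if n >= ratio * baseline}


def sample_logs(test_addr_for_run):
    """Constructed logs: 3 honeypots x 4 relay runs, each run carrying
    one test address followed by 10 ordinary target addresses."""
    logs, run = {}, 0
    for honeypot in ("hp-a", "hp-b", "hp-c"):
        recipients = []
        for _ in range(4):
            recipients.append(test_addr_for_run(run))
            recipients.extend(f"user{run}-{i}@example.net" for i in range(10))
            run += 1
        logs[honeypot] = recipients
    return logs


# Case 1: the same test address is reused on every run (the proposal's premise).
reused = sample_logs(lambda run: "probe@example.org")
# Case 2: a fresh test address per run (the objection raised in the reply).
disposable = sample_logs(lambda run: f"probe{run}@example.org")

if __name__ == "__main__":
    print("reused:    ", suspected_test_addresses(pool_recipients(reused)))
    print("disposable:", suspected_test_addresses(pool_recipients(disposable)))
```

With the reused address the pooled count stands out against a median of one; with one address per run every count is one and nothing is flagged.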