On Sun, 2003-05-18 at 03:34, Kee Hinckley wrote:
Vernon has regularly made the claim that a significant proportion of
spam messages have valid MAIL FROM's. That means that bounces will
go the the spammer. This has significant ramifications for C/R
systems (especially auto-respond ones) since it means that should
they have to, spammers could respond to challenges.
To test this theory, I took a day's worth of bounce logs from
somewhere.com (2003-05-15). These should be fairly normal logs.
There's been a bit of an upswing from a recent virus attack, but
otherwise these are pretty normal bounce logs for somewhere.com.
These are for addresses that do not, and have never, existed.
Because they got on the spammer's lists primarily because someone
entered the address on a web site, they get a mix of "true" spam and
just standard bulk mail. However if they bulkmailers are doing their
job, those addresses should be removed fairly quickly. If they
aren't removing on bounces--then they look and smell a lot like
spammers.
<snip>
In general though, it appears that Vernon is correct. If my sample
is representative, a large percentage of spam is coming from real
email addresses.
I'll be making this data (and hopefully live update's to it)
available on the web, hopefully in the next few days.
I nice idea, but what we really need is the script you used to analyze
your logs. Then additional data can be collected at a variety of
locations.
I realize that there are many on this list who find data collection to
be pointless, but Kee Hinckley has shown this to be incorrect. Vernon
Schryver's assertions were useless (even if correct) without hard
evidence, and Kee's data is insufficient without wider deployment.
Likewise, Vernon's followup that Kee is analyzing a different statement
than Vernon asserted is a legitimate concern. The data analysis
methodology should be publicly vetted to ensure that it is providing
meaningful and acurate data.
Paul, is it possible for the www.irtf.org/asrg website to host log
analysis tools? This is directly applicable to the list of Work Items.
--
Fred Bacon <bacon(_at_)aerodyne(_dot_)com>
Aerodyne Research, Inc.
signature.asc
Description: This is a digitally signed message part