ietf-asrg

Re: [Asrg] Some data on the validity of MAIL FROM addresses

2003-05-18 10:00:21
On Sun, 2003-05-18 at 03:34, Kee Hinckley wrote:
Vernon has regularly made the claim that a significant proportion of 
spam messages have valid MAIL FROMs.  That means that bounces will 
go to the spammer.  This has significant ramifications for C/R 
systems (especially auto-respond ones) since it means that should 
they have to, spammers could respond to challenges.

To test this theory, I took a day's worth of bounce logs from 
somewhere.com (2003-05-15).  These should be fairly normal logs. 
There's been a bit of an upswing from a recent virus attack, but 
otherwise these are pretty normal bounce logs for somewhere.com. 
These are for addresses that do not, and have never, existed. 
Because they got on the spammer's lists primarily because someone 
entered the address on a web site, they get a mix of "true" spam and 
just standard bulk mail.  However, if the bulkmailers are doing their 
job, those addresses should be removed fairly quickly.  If they 
aren't removing on bounces--then they look and smell a lot like 
spammers.

<snip>

In general though, it appears that Vernon is correct.  If my sample 
is representative, a large percentage of spam is coming from real 
email addresses.

I'll be making this data (and hopefully live updates to it) 
available on the web, hopefully in the next few days.

A nice idea, but what we really need is the script you used to analyze
your logs.  Then additional data can be collected at a variety of
locations.  

I realize that there are many on this list who find data collection to
be pointless, but Kee Hinckley has shown this to be incorrect.  Vernon
Schryver's assertions were useless (even if correct) without hard
evidence, and Kee's data is insufficient without wider deployment.

Likewise, Vernon's followup that Kee is analyzing a different statement
than Vernon asserted is a legitimate concern.  The data analysis
methodology should be publicly vetted to ensure that it is providing
meaningful and accurate data.

Paul, is it possible for the www.irtf.org/asrg website to host log
analysis tools?  This is directly applicable to the list of Work Items.

-- 
Fred Bacon <bacon(_at_)aerodyne(_dot_)com>
Aerodyne Research, Inc.

Attachment: signature.asc
Description: This is a digitally signed message part
