For example, if 90% of spam is forged, then RMX, C/R, and
authentication schemes could do a lot against spam (modulo their
other problems).
It's not a large step to estimate that 90% of spam is forged.
1) However, much of that spam can be filtered using simple sender domain
checks. Many spammers use bogus domains and maybe 5-10% of spam is dropped
accordingly.
2) The next value is to do a HELO hostname check... about 10-20% is dropped as
well. However, there are casualties for very large companies... such as
bellsouth and verizon whereby I have to punch holes in my filters.
3) Then I could be more aggressive and apply a reverse-dns check on the
initiating source IP. Doing so is also effective, however, all DSL and
carrier Dial networks in-addr their IP pools...yet many mail admins don't.
I have about another 5-10% of my spam come from unresolved IPs... but instantly
the phones light up... costs me money... and I'm out of business. The tough-love
approach is suicidal stupidity.
4) Then OK, so now we go with RBL, to identify the pools... that'll
work... costs non-trivial money... but it works for that flavor of spam... maybe
5%.
Then I get plenty of spam from valid random domains, with valid senders (at
least reply with SMTP OK), random IPs, reverse-DNS mappings (maybe
overseas), valid HELO... everything marries up... and I still get 1-2
spams/second.
So, I stopped looking at the logs because it depresses me... and I do
something stupid like try to blacklist someone... or scan my bounce queue for
http:// links or HREFs to indicate that there was some sort of
solicitation. Trying to identify a pattern for spam is like writing an
equation for Niagara Falls. John Forbes Nash Jr was more successful than
I was in identifying textual patterns.
My lesson in futility was that the only successful anti-spam method is a
distributed one.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
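The four envelope checks the post walks through, chained in the same order, as an added example (not the poster's code): the DNS, reverse-DNS and RBL tables, the "punch a hole" exemption list and the SMTP sessions are all constructed stand-ins so it runs offline, and a layer can be switched off to see what slips through without the reverse-DNS check the poster could not afford to run.

```python
"""Layered SMTP envelope checks: sender domain, HELO hostname, reverse DNS
of the connecting IP, then an RBL lookup. All data below is constructed."""
import ipaddress
from collections import Counter

ALL_LAYERS = ("sender_domain", "helo", "reverse_dns", "rbl")

# Constructed forward DNS, reverse DNS and RBL tables (assumptions, not real data).
FORWARD_DNS = {"example.org", "mail.example.org", "bigisp.example", "mx.bigisp.example"}
REVERSE_DNS = {"203.0.113.10": "mail.example.org",
               "198.51.100.5": "mx.bigisp.example",
               "192.0.2.77": "192-0-2-77.dsl-pool.example"}   # DSL pool with in-addr set up
RBL_RANGES = [ipaddress.ip_network("192.0.2.0/24")]          # that pool, as an RBL would list it
# Large providers the poster had to "punch holes" for: skip the HELO check for them.
HELO_EXEMPT_DOMAINS = {"bigisp.example"}


def classify(session, enabled=ALL_LAYERS):
    """Return the first enabled layer that rejects the session, or None if accepted."""
    domain = session["mail_from"].rsplit("@", 1)[-1].lower()
    helo = session["helo"].lower()
    ip = ipaddress.ip_address(session["ip"])
    if "sender_domain" in enabled and domain not in FORWARD_DNS:
        return "sender_domain"          # bogus sender domain
    if "helo" in enabled and domain not in HELO_EXEMPT_DOMAINS and helo not in FORWARD_DNS:
        return "helo"                   # HELO hostname does not resolve
    if "reverse_dns" in enabled and str(ip) not in REVERSE_DNS:
        return "reverse_dns"            # connecting IP has no PTR record
    if "rbl" in enabled and any(ip in net for net in RBL_RANGES):
        return "rbl"                    # connecting IP sits in a listed pool
    return None


def drop_report(sessions, enabled=ALL_LAYERS):
    """Count how many sessions each layer stops, plus those accepted by all layers."""
    return Counter(classify(s, enabled) or "accepted" for s in sessions)


# Constructed sessions, one per case the post describes; the last one "marries up".
SESSIONS = [
    {"mail_from": "a@nosuchdomain.invalid", "helo": "foo", "ip": "203.0.113.99"},
    {"mail_from": "b@example.org", "helo": "localhost", "ip": "203.0.113.10"},
    {"mail_from": "c@bigisp.example", "helo": "bogus-helo", "ip": "198.51.100.5"},
    {"mail_from": "d@example.org", "helo": "mail.example.org", "ip": "192.0.2.77"},
    {"mail_from": "e@example.org", "helo": "mail.example.org", "ip": "203.0.113.200"},
    {"mail_from": "f@example.org", "helo": "mail.example.org", "ip": "203.0.113.10"},
]

if __name__ == "__main__":
    print("all layers:", dict(drop_report(SESSIONS)))
    print("no rDNS:   ", dict(drop_report(SESSIONS, ("sender_domain", "helo", "rbl"))))
```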