
RE: [Asrg] Some data on the validity of MAIL FROM addresses

2003-05-19 14:53:04
From: "Eric Dean" <eric(_at_)purespeed(_dot_)com>

 For example, if 90% of spam is forged, then RMX, C/R, and
authentication schemes could do a lot against spam (modulo their
other problems).

It's not a large step to estimate that 90% of spam is forged.

What justifies that step?  The available numbers and simple logic seem
to say something quite different.


1) However, much of that spam can be filtered using simple sender domain
checks.  Many spammers use bogus domains and maybe 5-10% of spam is dropped
accordingly.

That's not what I see.  About 192 or 0.6% of the last 27,972 spam
caught by my traps had bogus sender domain names.  Since modern
versions of sendmail and other MTAs usually require that the sender
domain exist, the surprise is that even that small amount of spam
has bogus sender domains.


2) The next value is to do a HELO hostname check..about 10-20% is dropped as
well.  However, there are casualties for very large companies...such as
bellsouth and verizon whereby I have to punch holes in my filters.
3) Then I could be more aggressive and apply a reverse-dns check on the
initiating source IP.  Doing so is also effective, however, all DSL and
carrier Dial networks in-addr their IP pools...yet many mail admins don't.
I have about another 5-10% of my spam come from unresolved IPs..but instantly
the phones light up..cost me money..and I'm out of business.  The tough-love
approach is suicidal stupidity.
4) Then OK, so now we go with RBL, to identify the pools..that'll
work..costs non-trivial money..but it works for that flavor of spam..maybe
5%.

Are those numbers based on measurements or intuition?


...
My lesson in futility was that the only successful anti-spam method is a
distributed one.

I like the word "distributed," but I don't understand that reasoning.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
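
Added example, not part of the original message or thread: one way to turn the per-check percentages debated above into measurements, by recording which staged check (sender domain, HELO, reverse DNS) first rejects each message in a labelled corpus, and how much legitimate mail each check costs. The DNS tables, sessions and function names are constructed for illustration, and the reading of "HELO hostname check" as "HELO name resolves to the connecting IP" is an assumption.

```python
from collections import Counter

# Constructed stand-in for DNS so the example runs offline. All names and
# addresses are made up (reserved example domains, documentation IP ranges).
FORWARD = {"example.com": {"192.0.2.10"}, "mail.example.com": {"192.0.2.10"},
           "example.net": {"198.51.100.7"}, "mx.example.org": {"203.0.113.5"}}
REVERSE = {"192.0.2.10": "mail.example.com", "203.0.113.5": "mx.example.org"}

# Constructed sessions: (client IP, HELO name, MAIL FROM, corpus label).
SESSIONS = [
    ("192.0.2.10", "mail.example.com", "alice@example.com", "ham"),
    ("192.0.2.10", "relay.internal", "carol@example.com", "ham"),     # HELO casualty
    ("198.51.100.7", "example.net", "bob@example.net", "ham"),        # no-PTR casualty
    ("203.0.113.77", "localhost", "deal@no-such-domain.invalid", "spam"),
    ("203.0.113.99", "mail.example.com", "win@example.com", "spam"),  # forged HELO
    ("203.0.113.98", "friend", "hi@example.net", "spam"),
    ("203.0.113.5", "mx.example.org", "x@example.com", "spam"),       # forged sender, passes
]

def first_failed_check(ip, helo, mail_from):
    """Return the first staged check that rejects the session, or None."""
    domain = mail_from.rpartition("@")[2].lower()
    if domain not in FORWARD:                    # 1) sender domain must exist
        return "sender_domain"
    if ip not in FORWARD.get(helo.lower(), ()):  # 2) HELO must resolve to client IP
        return "helo"
    if ip not in REVERSE:                        # 3) client IP must have a PTR
        return "rdns"
    return None

def rates(sessions, label):
    """Share of `label` messages stopped at each stage (or 'passed')."""
    tally = Counter(first_failed_check(ip, helo, frm) or "passed"
                    for ip, helo, frm, lab in sessions if lab == label)
    total = sum(tally.values())
    return {check: n / total for check, n in tally.items()}

if __name__ == "__main__":
    for label in ("spam", "ham"):
        print(label, rates(SESSIONS, label))
```

The last constructed spam session uses a forged sender at an existing domain and passes every stage, which is the case a domain-existence check cannot measure.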