ietf-asrg

Re: [Asrg] Statistical Analysis shows SPF should work Pretty Well

2003-06-13 02:06:30
At 04:24 PM 6/12/2003 -0400, Meng Weng Wong wrote:
[..]
   Matching sender domain with client IP is a strong predictor of spamminess.

We already know that, that's why people are pushing the RMX-like proposals to make sure that the basic flaw in SMTP is taken care of. However, there are still some gray areas such as people who are traveling, and domains providing email service for other domains.

[..]
 The classifier scheme is described at
http://dumbo.pobox.com/spam-sensor/.

Your classifier scheme seems to work similarly to the scheme used by TitanKey's system. In TitanKey's system, a "550" is issued to every message based on the assumption that spammers clean their lists because of SMTP errors. Then a challenge is issued to the receiver and the regular C/R process takes off. In your system, a "4xx" transient error code is issued. This is based on the assumption that:
o Spammers won't retry after they get a deferral

During the discussion about TitanKey's system, many people have stated that these basic assumptions have no valid data backing them up. Unless someone here is an "honest" spammer [sic], no one in the group can really provide any data as to what goes on behind the scenes on the spammer side. The advantage of your system is the same as TitanKey: the message is rejected before it's received, thus reducing costs of dealing with storing and processing such a message. However, whether the assumption here tends to be correct or not, is beginning to crop up all over, like you mentioned on your page. It would be interesting to see what spammers are doing but in any case this solution is probably a temporary fix.

Conclusion 1: aol, hotmail, and yahoo have successfully implemented
outbound antispam technology, ie. ways to ensure that only humans sign
up for their accounts, or limits on per-account outbound message volume.

See my previous message some time ago about Hotmail's scripting abilities. Providers, especially the free ones, have a long way to go to reduce outbound message volume.

[..]

Conclusion 2: Client IPs whose PTR do not match their sender domains are
more likely to be spam than not.

That's why AOL rejects email from addresses without PTRs (see http://postmaster.info.aol.com/standards.html).

But that means a scheme like SPF/DMP/RMX should work nicely.

It is very useful to see real-life data once in a while. Thanks.

Yakov

