At 04:24 PM 6/12/2003 -0400, Meng Weng Wong wrote:
[..]
Matching sender domain with client IP is a strong predictor of spamminess.
We already know that, that's why people are pushing the RMX-like proposals
to make sure that the basic flaw in SMTP is taken care of. However, there
are still some gray areas such as people who are traveling, and domains
providing email service for other domains.
[..]
The classifier scheme is described at
http://dumbo.pobox.com/spam-sensor/.
Your classifier scheme seems to work similarly to the scheme used by
TitanKey's system. In TitanKey's system, a "550" is issued to every message
based on the assumption that spammers clean their lists because of SMTP
errors. Then a challenge is issued to the receiver and the regular C/R
process takes off. In your system, a "4xx" transient error code is issued.
This is based on the assumption that:
o Spammers won't retry after they get a deferral
During the discussion about TitanKey's system, many people have stated that
these basic assumptions have no valid data backing them up. Unless someone
here is an "honest" spammer [sic], no one in the group can really provide
any data as to what goes on behind the scenes on the spammer side. The
advantage of your system is the same as TitanKey: the message is rejected
before it's received, thus reducing costs of dealing with storing and
processing such messages. However, whether the assumption here tends to be
correct or not, is beginning to crop up all over, like you mentioned on
your page. It would be interesting to see what spammers are doing but in
any case this solution is probably a temporary fix.
Conclusion 1: AOL, Hotmail, and Yahoo have successfully implemented
outbound antispam technology, i.e. ways to ensure that only humans sign
up for their accounts, or limits on per-account outbound message volume.
See my previous message some time ago about Hotmail's scripting abilities.
Providers, especially the free ones, have a long way to go to reduce
outbound message volume.
[..]
Conclusion 2: Client IPs whose PTR do not match their sender domains are
more likely to be spam than not.
That's why AOL rejects email from addresses without PTRs (see
http://postmaster.info.aol.com/standards.html)
But that means a scheme like SPF/DMP/RMX should work nicely.
It is very useful to see real-life data once in a while. Thanks.
Yakov
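
Added illustration, not part of the original message and not the classifier described at the pobox.com URL: a minimal receiver-side policy that accepts mail when the client's PTR name falls under the sender domain and otherwise answers with a 4xx deferral until the client retries. It also shows the gray area raised above, where a host relaying for another domain is deferred on its first attempts. The 300-second window, the (IP, sender, recipient) key, the two-label domain comparison and all names and sample data are assumptions made for this example.

```python
import time

DEFER_WINDOW = 300  # assumed minimum delay (seconds) before a retry is accepted

def org_domain(name):
    """Last two DNS labels, lowercased (assumption: no public-suffix handling)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def ptr_matches_sender(ptr_name, mail_from):
    """True when the client's PTR name is under the envelope sender's domain."""
    if not ptr_name or "@" not in mail_from:
        return False  # missing PTR or null sender counts as a mismatch
    return org_domain(ptr_name) == org_domain(mail_from.rsplit("@", 1)[1])

class Deferrer:
    """Defers mismatching clients with 451 until they retry after the window."""

    def __init__(self):
        self.first_seen = {}  # (client_ip, sender, recipient) -> first attempt time

    def decide(self, client_ip, ptr_name, mail_from, rcpt_to, now=None):
        now = time.time() if now is None else now
        if ptr_matches_sender(ptr_name, mail_from):
            return 250, "PTR matches sender domain"
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        first = self.first_seen.setdefault(key, now)
        if now - first >= DEFER_WINDOW:
            return 250, "retried after deferral"
        return 451, "PTR does not match sender domain, try again later"

# Constructed attempts: (time, client IP, PTR name or None, MAIL FROM, RCPT TO)
SAMPLE = [
    (0,   "192.0.2.10",   "mail.example.org",        "alice@example.org",    "u@example.com"),
    (0,   "192.0.2.20",   "mx1.hosting.example.net", "bob@customer.example", "u@example.com"),
    (60,  "192.0.2.20",   "mx1.hosting.example.net", "bob@customer.example", "u@example.com"),
    (900, "192.0.2.20",   "mx1.hosting.example.net", "bob@customer.example", "u@example.com"),
    (0,   "198.51.100.7", None,                      "promo@example.org",    "u@example.com"),
]

def run_sample():
    """Return the SMTP reply code chosen for each constructed attempt."""
    d = Deferrer()
    return [d.decide(ip, ptr, frm, to, now=t)[0] for t, ip, ptr, frm, to in SAMPLE]

if __name__ == "__main__":
    print(run_sample())
```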