ietf-asrg

Re: [Asrg] Cutting down spam load

2003-06-20 06:03:44
From: gep2(_at_)terabites(_dot_)com

...
[each] usually 3-5x (or MORE, oftentimes) bigger than spam which isn't.  So 
you'd block (in this case) 73% of the spam MESSAGES but probably 90% or more 
of spam BYTES by this *simple*, easily implemented strategy.

That's true but not impressive, because the total number of bytes involved
in all email is trivial per user.  Typical web pages are 10 times larger
than typical email, including spam.  Typical users receive only about 10 
mail messages/day (judging from DCC numbers at a bunch of ISPs).  I think
typical users look at more than 10 web pages/day.

Of course, if you have 35,000,000 users or even just 10,000, you have
reason to care about the bytes used for their mailboxes.  However,
until you arrange to compress their mailboxes, you don't really care.


If you have good enough log statistics, check to see what percentage of spam 
BYTES would actually be blocked by taking out messages containing text/html 
message type indications in entity headers.  It would also be interesting to 
see how many spams (and percentages of overall spam BYTES) contain attachments 
(message text as JPG/GIF images, or (not used so often recently) .DOC files 
or whatever).  My approach would end up truncating the great majority of those, 
too.

Plenty of spam is tiny and on average it's small.  If you are a spammer,
you can generally send twice as many 2.5 KByte messages/day as 5
KByte messages.  That pressure might be why base64 encoding has
decreased radically in my traps in the last few months.  Base64 costs
the spammer a 33% increase (4 encoded bytes for every 3 plaintext)
without offering any defense against non-trivial filters.  That pressure
might also explain why the <!--HTML.comment--> noise had become rare
by a week or two ago.  (My guess for the resurgence in the last week
or 10 days is that a spamware vendor has a new set of suckers who
don't understand this.)


AND, don't forget, another big benefit is blocking NOT ONLY JUST spam, but 
also viruses/worms/trojans.  In many cases, those are sent from 'legitimate' 
senders and without hijacking open relays... 

That's a red herring, because many outfits already filter attachments
for worms.


More important, the problem for your idea is not selling it here but
in Redmond.  Until Microsoft stops encoding mail in HTML by default,
perhaps by only turning on HTML when the user does some formatting,
ISPs cannot filter HTML by default.  I really wish they could and
would, but I'm not quite crazy enough to confuse my wishes with reality.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
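
The measurement asked for in the thread (what share of messages versus what share of BYTES a text/html or attachment rule would take out), as an added example that is not part of either poster's message. The function names and the four sample messages are constructed for illustration; on a real spam trap you would feed `blocked_share` the raw messages from your own corpus.

```python
import base64
from email import message_from_bytes, policy

def classify(raw):
    """Flag a raw message that has a text/html part or a non-text/named part."""
    msg = message_from_bytes(raw, policy=policy.default)
    html = attach = False
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        if part.get_content_type() == "text/html":
            html = True
        elif part.get_content_maintype() != "text" or part.get_filename():
            attach = True
    return {"html": html, "attachment": attach, "bytes": len(raw)}

def blocked_share(raws, rule):
    """Return (fraction of messages, fraction of bytes) that rule would block."""
    rows = [classify(r) for r in raws]
    total = sum(r["bytes"] for r in rows)
    if not rows or not total:
        return 0.0, 0.0
    hits = [r for r in rows if rule(r)]
    return len(hits) / len(rows), sum(r["bytes"] for r in hits) / total

def _sample(ctype, body):
    # Constructed sample message, not taken from any real trap or log.
    head = ("From: a@example.invalid\r\nSubject: constructed sample\r\n"
            f"Content-Type: {ctype}\r\n\r\n")
    return (head + body).encode("ascii")

_GIF = base64.b64encode(b"GIF89a" + bytes(894)).decode("ascii")
SAMPLES = [
    _sample("text/plain", "Buy now " * 20),
    _sample("text/plain", "Hello, lunch?"),
    _sample("text/html", "<html><body>" + "<font color=red>Buy now</font>" * 40
            + "</body></html>"),
    _sample('multipart/mixed; boundary="b1"',
            "--b1\r\nContent-Type: text/plain\r\n\r\nsee image\r\n"
            "--b1\r\nContent-Type: image/gif\r\n"
            "Content-Transfer-Encoding: base64\r\n\r\n" + _GIF + "\r\n--b1--\r\n"),
]

if __name__ == "__main__":
    for name, rule in [("text/html", lambda r: r["html"]),
                       ("html or attachment", lambda r: r["html"] or r["attachment"])]:
        msgs, byts = blocked_share(SAMPLES, rule)
        print(f"{name}: {msgs:.0%} of messages, {byts:.0%} of bytes")
```
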
