ietf-asrg

RE: [Asrg] Two ways to look at spam

2003-07-02 12:47:04

Well, some ideas:

1. Some sort of time-domain analysis of where spam actually comes from
   (IP addresses, nets).

If it's seemingly random that would point towards the theory that it's
just (presumably illegally) exploited machines.

If it's coming from specific places with some predictability then that
would lean towards more consent-based conclusions.

2. Stability of web addresses etc. advertised in spam.

I've heard it claimed (by one of the speakers at the MIT spam conf)
that the typical lifespan of a spamvertised website is two hours.

Again, that sort of instability tends to promote the idea of spam
being a product of criminal behavior.

3. Stability of relays

Similar, but how long does a spam relay spew spam, typically (what's
the distribution)? One hour? 12 hours? Years? And related summary
statistics such as the number of msgs spewed, the time domain (is it
bursty or continuous), etc.

       -b

On July 1, 2003 at 17:30 research(_at_)solidmatrix(_dot_)com (Yakov Shafranovich) wrote:
At 03:30 PM 7/1/2003 -0400, Barry Shein wrote:


 At 03:35 PM 6/29/2003 -0400, Paul Judge wrote:
 > >Just as in any other business, the profit in spamming is equal to revenues
 > >minus costs. In spamming, revenue is equal to the number of spam messages
 > >received times the response rate times the profit per item. Expenses include
I will point out that the hard evidence for this is lacking.

[..]
More to the point I would assert that if we don't endeavor to nail
down hard evidence and work forward from there we're in great danger
of shadow-boxing with our own imaginings about how we would like to
think spammers operate.

I realize the urge to show progress is great and fact-gathering sounds
like a frustrating impediment to some, but...how bad would it be if
our efforts turned out to be foolish and disconnected from reality,
research into a June bug*?

Great, what kind of evidence or things should we be looking for? From 
(http://www.irtf.org/asrg/asrg-work-items.txt):

---snip---
2.a. Spam Measurements. This work needs to be focused on immediately. This 
data will help us understand the current weaknesses in the system and where 
efforts should be focused. Requirements need to be set and then we have to 
gather the data. I see two separate paths here: One is based on user survey 
input. Ted Gavin has volunteered to conduct this. The other data is based 
on real spam measurements. Once the requirements are gathered, Brightmail, 
CipherTrust, CloudMark and MessageLabs have each volunteered to contribute 
information. Any other volunteers?
---snip--

As you can see Brightmail, CipherTrust and a bunch of others agreed to 
provide data. All we need is to define what we are looking for.

Yakov 
