ietf-asrg

RE: [Asrg] 2. - Spam Characterization - Possible Measurements (was: RE: Two ways to look at spam)

2003-07-08 03:34:27


-----Original Message-----
From: Yakov Shafranovich [mailto:research(_at_)solidmatrix(_dot_)com] 
Sent: Monday, July 07, 2003 8:33 PM
To: Barry Shein; Dave Crocker
Cc: Paul Judge; 'asrg(_at_)ietf(_dot_)org'
Subject: Re: [Asrg] 2. - Spam Characterization - Possible Measurements (was: RE: Two ways to look at spam)


At 07:12 PM 7/7/2003 -0400, Barry Shein wrote:


Well, there's one characterization from measurements mentioned which 
spammers can't adapt to and that's their location (in)stability in IP 
space.

This relates to the idea that the only reason spammers can operate 
effectively is because they exploit thousands of hijacked computers 
which gives them location mobility (not geographic but in ip space.)

If this can be shown to be true via measurement it leads to the 
conclusion that perhaps the problem with spam is not what leads to this 
idea of a "consent" framework as originally proposed in this charter, 
but, instead, shows spam is almost entirely a security problem.

Spammers can't adapt their way out of this observation because that 
would mean they'd have to become location immobile which means we could 
just block them and that'd be the end of spam.

Paul,

Perhaps we can start seeing some of the data based on these characteristics?

Yakov 

I've commented on Barry's points in a separate message so I'll just address
your question here.

There were four categories of measurements: sending, source, message, and
spam attack characteristics.

I'm working with some colleagues at Georgia Tech on some analysis around the
first three. It will probably be another month before the data is in a
meaningful representation. If others want to also pursue this path, that is
great. Just contact me off-list and we can discuss.

The fourth category is spam attack characteristics. This seems to be where
this particular suggestion from Barry focuses. We can develop a methodology
for performing this analysis. We then need volunteers for performing the
data collection. This most likely requires not just a collection of spam,
but some honeypot domains, relays, or proxies. Volunteers?

Barry, any specific thoughts towards measuring the IP instability of
senders? There have been some ideas from persons discussing reputation
systems about the difference between the real source of the message and the
sender of the message. One difficulty is determining the real source and
tracking this across different messages sent via different means. Then, how
do you account for the legitimate messages that may originate from machines
or networks that have been compromised by spammers?



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

