ietf-asrg

Re: [Asrg] 2.a.1 Analysis of Actual Spam Data - Titan Key reduces spam attacks

2003-07-31 19:32:14
Paul Judge <paul(_dot_)judge(_at_)ciphertrust(_dot_)com> wrote:
He has put forth some very preliminary data. He is requesting input towards
a better analysis. Those that have constructive feedback please provide it.

  "More data, please!"

Ok, what else would be interesting to see?

  There was some discussion on this topic a few months ago, but it got
lost in the volume of list traffic.

A broader set of test cases (more addresses, different domains, ...)
A control set of email addresses with different systems (no spam detection,
detection with a different response such as: DSN, challenge, etc)
What else?

  I believe that there are three orthogonal characterizations:

        a) time
        b) recipient domain or name
        c) anti-spam system

  For each combination of (time, recipient, anti-spam), there are two
numbers which should be collected:

        a) total number of messages received
        b) of that, the number of messages determined to be spam


  To avoid political issues, I would suggest that sender-oriented
measurements should be explicitly not asked for, or collected.  I
would also suggest that the anti-spam systems be explicitly not
named, other than as a broad characterization such as
"challenge-response", etc.

  An independent third party should collect these measurements.  I
believe there was a volunteer a few months back, who was waiting for
consensus from the group, before he would start the actual collection
of data.

  The data analysis should be fairly straightforward.  After a cursory
evaluation of the data to avoid political issues, the raw data should
be made available to all.  Multiple independent analyses can then be
done.


  Other measurements which should be done are measurements of SMTP
weirdness which doesn't involve message delivery.  e.g. "connect,
EHLO, disconnect".  These behaviours are closely related to spam, but
in many cases do NOT involve anti-spam systems, as no messages are
delivered.  I believe that the anti-spam systems can then be further
sub-divided into two categories: message-based systems, and
network/SMTP systems.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
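
Added example, not part of the original message: one way to tally the two numbers proposed above per (time, recipient domain, anti-spam category), and to count separately the SMTP sessions that deliver no message. The record layout, the hourly bucket, the "content-filter" label and all sample values are assumptions constructed for illustration; no sender field is stored, and recipients are reduced to their domain.

```python
from collections import Counter
from datetime import datetime

# Constructed sample sessions (not real data). Fields:
# (timestamp, recipient, anti-spam category, SMTP commands seen, verdict)
# Recipient, category and verdict are None when no message was delivered.
SESSIONS = [
    ("2003-07-31T10:05:00", "alice@example.org", "challenge-response",
     ["EHLO", "MAIL", "RCPT", "DATA"], "spam"),
    ("2003-07-31T10:40:00", "bob@example.org", "challenge-response",
     ["EHLO", "MAIL", "RCPT", "DATA"], "ham"),
    ("2003-07-31T10:50:00", "carol@Example.ORG", "challenge-response",
     ["EHLO", "MAIL", "RCPT", "DATA"], "spam"),
    ("2003-07-31T10:20:00", "dave@example.net", "content-filter",
     ["EHLO", "MAIL", "RCPT", "DATA"], "ham"),
    ("2003-07-31T11:02:00", None, None, ["EHLO"], None),
    ("2003-07-31T11:03:00", None, None, ["EHLO"], None),
    ("2003-07-31T11:30:00", "erin@example.net", "content-filter",
     ["EHLO", "MAIL", "RCPT", "DATA"], "spam"),
]

def hour_bucket(timestamp):
    """Reduce a timestamp to its hour so counts are comparable over time."""
    return datetime.fromisoformat(timestamp).strftime("%Y-%m-%d %H:00")

def tally(sessions):
    """Return (messages, no_delivery).

    messages:    (hour, recipient domain, category) -> [total, spam]
    no_delivery: (hour, command sequence) -> number of sessions
    """
    messages = {}
    no_delivery = Counter()
    for timestamp, recipient, category, commands, verdict in sessions:
        hour = hour_bucket(timestamp)
        if "DATA" not in commands:
            # e.g. "connect, EHLO, disconnect": nothing for a
            # message-based system to judge, so count it on its own.
            no_delivery[(hour, " ".join(commands))] += 1
            continue
        domain = recipient.rsplit("@", 1)[1].lower()
        counts = messages.setdefault((hour, domain, category), [0, 0])
        counts[0] += 1                      # a) total messages received
        counts[1] += verdict == "spam"      # b) of those, judged spam
    return messages, no_delivery

if __name__ == "__main__":
    msgs, odd = tally(SESSIONS)
    for key in sorted(msgs):
        print(key, msgs[key])
    for key in sorted(odd):
        print(key, odd[key])
```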