ietf-asrg

RE: [Asrg] 2.a.1 Analysis of Actual Spam Data - Titan Key reduces spam attacks

2003-08-01 00:42:56
I think you've laid out a good foundation. We would be happy to provide
reasonable computing/account/domain/etc resources to assist.

Peter

-----Original Message-----
From: Alan DeKok [mailto:aland(_at_)freeradius(_dot_)org] 
Sent: Thursday, July 31, 2003 4:28 PM
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] 2.a.1 Analysis of Actual Spam Data - 
Titan Key reduces spam attacks 


Paul Judge <paul(_dot_)judge(_at_)ciphertrust(_dot_)com> wrote:
He has put forth some very preliminary data. He is requesting input 
towards a better analysis. Those that have constructive feedback 
please provide it.

  "More data, please!"

Ok, what else would be interesting to see?

  There was some discussion on this topic a few months ago, 
but it got lost in the volume of list traffic.

A broader set of test cases (more addresses, different 
domains, ...) 
A control set of email addresses with different systems (no spam 
detection, detection with a different response such as: DSN, 
challenge, etc.)
What else?

  I believe that there are three orthogonal characterizations:

      a) time
      b) recipient domain or name
      c) anti-spam system

  For each combination of (time, recipient, anti-spam), there 
are two numbers which should be collected:

      a) total number of messages received
      b) of that, the number of messages determined to be spam


  To avoid political issues, I would suggest that 
sender-oriented measurements should be explicitly not asked 
for, or collected.  I would also suggest that the anti-spam 
systems be explicitly not named, other than as a broad 
characterization such as "challenge-response", etc.

  An independent third party should collect these 
measurements.  I believe there was a volunteer a few months 
back, who was waiting for consensus from the group, before he 
would start the actual collection of data.

  The data analysis should be fairly straightforward.  After 
a cursory evaluation of the data to avoid political issues, 
the raw data should be made available to all.  Multiple 
independent analyses can then be done.


  Other measurements which should be done are measurements of 
SMTP weirdness which doesn't involve message delivery.  e.g. 
"connect, EHLO, disconnect".  These behaviours are closely 
related to spam, but in many cases do NOT involve anti-spam 
systems, as no messages are delivered.  I believe that the 
anti-spam systems can then be further sub-divided into two 
categories: message-based systems, and network/SMTP systems.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
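
The measurement proposed in the quoted message, sketched as an added example that is not part of the thread: one (total, spam) pair per (time, recipient domain, anti-spam category), with sessions that never deliver a message counted separately. The record layout, field names and the rule "a session with DATA delivered a message" are assumptions made for this example, and the sample sessions are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample sessions, not real measurements. Field names are
# assumptions made for this example.
SESSIONS = [
    {"ts": "2003-07-30T09:12:00", "rcpt_domain": "a.example", "system": "none",
     "sender": "x@s1.example", "commands": ["EHLO", "MAIL", "RCPT", "DATA"], "spam": True},
    {"ts": "2003-07-30T11:40:00", "rcpt_domain": "a.example", "system": "none",
     "sender": "y@s2.example", "commands": ["EHLO", "MAIL", "RCPT", "DATA"], "spam": False},
    {"ts": "2003-07-30T13:05:00", "rcpt_domain": "b.example", "system": "challenge-response",
     "sender": "x@s1.example", "commands": ["HELO", "MAIL", "RCPT", "DATA"], "spam": True},
    {"ts": "2003-07-31T02:17:00", "rcpt_domain": "a.example", "system": "none",
     "sender": "z@s3.example", "commands": ["EHLO", "MAIL", "RCPT", "DATA"], "spam": True},
    {"ts": "2003-07-31T02:18:00", "rcpt_domain": None, "system": None,
     "sender": None, "commands": ["EHLO"], "spam": None},
    {"ts": "2003-07-31T02:19:00", "rcpt_domain": None, "system": None,
     "sender": None, "commands": ["EHLO"], "spam": None},
]

def aggregate(sessions):
    """Return (delivered, no_delivery).

    delivered[(day, rcpt_domain, system)] = [total, spam]
    no_delivery[(day, command_sequence)]  = session count
    The "sender" field is never read, so no sender-oriented data is reported.
    """
    delivered = defaultdict(lambda: [0, 0])
    no_delivery = Counter()
    for s in sessions:
        day = s["ts"][:10]  # time bucket: one calendar day
        if "DATA" not in s["commands"]:
            # e.g. "connect, EHLO, disconnect": no message, so no spam verdict
            no_delivery[(day, tuple(s["commands"]))] += 1
            continue
        cell = delivered[(day, s["rcpt_domain"], s["system"])]
        cell[0] += 1                 # a) total messages received
        cell[1] += bool(s["spam"])   # b) of those, judged spam
    return dict(delivered), dict(no_delivery)

def spam_ratio(delivered, key):
    """Fraction of messages in one (day, domain, system) cell judged spam."""
    total, spam = delivered[key]
    return spam / total if total else 0.0
```
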





