I have to agree with Paul that a sound study is needed. My "research" was
empirical and based on a very small dataset. I am not aware of any large
scale study ever done regarding this issue where all of the research data
was open to the public (the out-law.com study is not). I think we need to
make such study or find someone who can once an appropriate methodology has
been put together.
Additionally, a few points. First of all, once we actually start collecting
research data on real spam, we probably should setup a separate area on the
website for storing it. Second, we need to employ sound scientific methods
and proper statistical methods similar to a regular scientific study such
as a drug trial (large enough samples, control mechanisms, etc.). Third,
all of the source data, interpretations and results must be made public so
anyone can evaluate the data for themselves.
Keep in mind, that spam does not stay static and changes all the time. We
must keep in mind the fact that any proposal or method for controlling spam
must adapt to the changes in spam, and any conclusions drawn from spam
studies must take the possible changes in spam into account.
Yakov
At 04:12 AM 8/9/2003, Paul Judge wrote:
While everyone's input is interesting, these data points are not truly
meaningful.
A sound measurement study is needed to provide meaningful insight here.
There have been some efforts on that path in the past:
http://www.simplyquick.com/privacy.html#3
http://www.infoworld.com/article/03/03/21/12ebsecret_1.html
The FTC did a study on this also, but I can't find the link right now.
My view is that this is directed related to the thread about the analysis of
the effectiveness spam response techniques. That thread focused on
responding with SMTP error codes. This thread speaks about responding with a
unsubscribe request. Peter, can you incorporate this into the analysis plan
that you are putting together? From there we can determine an appropriate
methodology for collecting this data.
> -----Original Message-----
> From: Shaun Bryant [mailto:sbryant(_at_)ThePit(_dot_)org]
> Sent: Friday, August 08, 2003 8:58 PM
> To: 'asrg(_at_)ietf(_dot_)org'
> Subject: RE: [Asrg] 2.a.1. Spam Measurements - Data - Unsubscribe
>
>
> From the tests that I have done with various honey-pot
> accounts I have seen a great increase in the amount of spam
> that the account receives when I "unsubscribed". I believe it
> depends a lot on the type of spam you are using in your test.
> Was the spam mostly bulk, or was it semi-solicited? Where the
> e-mails originated from somewhere the account you where
> testing with gave the address out to that may have "shared"
> it with other organizations?
>
> Shaun
>
> > -----Original Message-----
> > From: C Wegrzyn [mailto:wegrzyn(_at_)garbagedump(_dot_)com]
> > Sent: Friday, August 08, 2003 3:54 PM
> > To: Yakov Shafranovich
> > Cc: asrg(_at_)ietf(_dot_)org
> > Subject: Re: [Asrg] 2.a.1. Spam Measurements - Data - Unsubscribe
> >
> > From what I've heard about the unsubscribe issue is that once you
> > "try" to unsubscribe they actually know there is active
> account. There
> > is a spammer in Burlington MA that uses this technique to
> build email
> > lists. I also understand they will send out "free things" types of
> > emails to get you to come to the site.
> >
> > Chuck Wegrzyn
> >
> >
> > Yakov Shafranovich wrote:
> > > After trying to do unsubscribe from every spam that I got in a
> > > poisoned account, I came with some interesting observations. Of
> > > course there is not enough data to make this
> statistically correct
> > > but the empirical observations are interesting.
> > >
> > > From all the spams that were received in this account in
> the last 2
> > > days, most seem to come from four specific sources. All these
> > > sources had unsubscribe pages. When I tried to
> unsubscribe twice, I
> > > got a warning that the address has already been removed. I tried
> > > doing this a day apart, it still worked. You can see for yourself
> > > at:
> > >
> > > http://www.med21sx.com/a.html
> > >
> > > What I am getting from this is that these four specific spammers
> > > maintain "remove" lists. One possible reason for them to
> do so, is
> > > that sending spam to people that do not want it anymore, will not
> > > provide spammers with any possibility of extra revenue,
> and may hurt
> > > them in the long run because those people if still receiving the
> > > spam, will report the spammers. Of course, the other
> reason could be
> > > that its all a ploy or a verify operation.
> > >
> > > In any case, we need more data on this and preferably a
> large-scale
> > study.
> > >
> > > Yakov
> > >
> > >
> > >
> --------------------------------------------------------------------
> > > ----
> > ---------------------------
> > >
> > > Yakov Shafranovich / <research(_at_)solidmatrix(_dot_)com>
> > > SolidMatrix Research, a division of SolidMatrix Technologies, Inc.
> > >
> --------------------------------------------------------------------
> > > ----
> > ---------------------------
> > >
> > > "One who watches the wind will never sow, and one who
> keeps his eyes
> > > on the clouds will never reap" (Ecclesiastes 11:4)
> > >
> --------------------------------------------------------------------
> > > ----
> > ---------------------------
> > >
> > >
> > > _______________________________________________
> > > Asrg mailing list
> > > Asrg(_at_)ietf(_dot_)org
> > > https://www1.ietf.org/mailman/listinfo/asrg
> > >
> > >
> >
> >
> > _______________________________________________
> > Asrg mailing list
> > Asrg(_at_)ietf(_dot_)org
> > https://www1.ietf.org/mailman/listinfo/asrg
>
> _______________________________________________
> Asrg mailing list
> Asrg(_at_)ietf(_dot_)org
> https://www1.ietf.org/mailman/listinfo/asrg
>
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg