ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: RE: [Asrg] 2.a.1 Analysis of Actual Spam Data - Experimental Desi gn

2003-08-19 08:15:28
from [Sauer, Damon] [Permanent Link] 
 Our message systems, in the past, in order to do filtering and routing (we
have over 60 domains) accepted all email to those domains and did address
checking later.
 To answer the second question from Kurt... If I am understanding your
question correctly, No. There is no way to really tell because we do not
keep historical data for 550's for the purpose of analysis and my systems,
before we started address checking, didn't know about 550's. So there is
nothing to compare. My anti-spam scripts care more about how many 550's I
get, not which ones I am getting. However, I was able to remove over 8000 ip
addresses and ranges from our untrusted domains list due to these addresses
not trying to attach to us anymore. I can correlate most of the removals to
the fact that we started address checking, but I do not have empirical data
to "prove" that.

Regards, 
Damon Sauer 



-----Original Message-----
From: Jon Kyme [mailto:jrk(_at_)merseymail(_dot_)com]
Sent: Tuesday, August 19, 2003 9:16 AM
To: ASRG
Subject: Re: RE: [Asrg] 2.a.1 Analysis of Actual Spam Data -
Experimental Desi gn



At 4:31 PM -0500 2003/08/18, Sauer, Damon wrote:



  It is not C-R.


      Sorry, my mistake.  I misunderstood.


You give me a RCPT TO: the RCPT TO: is checked against my
address database. If it is good I say OK. If it is bad I say 550 No

such

 user.


      Okay, now I'm really confused.  I thought that most mail systems 
did this -- if you try to send mail to an account that doesn't exist, 
they respond with an error and refuse to accept the message.  Thus, 
the mail volume goes down.

      Is there something additional that has been done here?



Indeed, many systems do not. A customer on a network that I'm familiar with
called the operations team to ask them if they could fiddle with their
firewall (in fact that firewall is managed by someone else that they hired
- which I guess they'd forgotten) to block port 25 for a particular IP
range.
The demand of generating bounces to a spam run (to no doubt forged senders)
had crippled their (exchange) server. When asked why they weren't just
rejecting unknown recipients they said that Mgmt wanted to see
"wrong email addresses".  How we laughed.

And then of course there's Yahoo and many others.





--

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


*****
"The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential, proprietary, and/or
privileged material.  Any review, retransmission, dissemination or other use
of, or taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.  If you received
this in error, please contact the sender and delete the material from all
computers."

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • RE: RE: [Asrg] 2.a.1 Analysis of Actual Spam Data - Experimental Desi gn, Sauer, Damon <=
Previous by Date:  Re: RE: [Asrg] 2.a.1 Analysis of Actual Spam Data - Experimental Desi gn, Brad Knowles
Next by Date:  Re: [Asrg] 4d. Consent Framework - Protocols and Formats - XML Based, Yakov Shafranovich
Previous by Thread:  [Asrg] (no subject), Kurt Magnusson
Next by Thread:  Re: [Asrg] 4d. Consent Framework - Protocols and Formats - XML Based, Yakov Shafranovich
Indexes:  [Date] [Thread] [Top] [All Lists]