ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] 2. Analysis (specifically, trap addresses)

2003-10-01 17:22:31
from [Kee Hinckley] [Permanent Link] 
At 12:21 PM -0500 10/1/03, Terry Sullivan wrote:

Data from multiple independent sources (including Liam Meany, Scott
Nelson, and myself) indicate that "otherwise identical" trap
addresses receive *vastly* different amounts of spam traffic.  This
unexplained variance in spam traffic is *very* large and all of it is
"statistically 'bad' variance."  That "bad variance" at least
I had reason to think about this yesterday. I was going over the records from our spam filter, and somewhere.com's email in particular. I discovered that one single spammer (see http://www.spamhaus.org/sbl/sbl.lasso?query=SBL6857 for details) attempted to initiate a connection with our anti-spam proxy server 500,000 times over a day and half or so (4 connection attempts a second, non-stop).
It's frequently been said that there are really only about 200 major spammers. And certainly there are fewer types of spamming software than that, and fewer sources of target addresses.
I think we get fooled somewhat by the large amount of spam and assume that we are dealing with a very large sample size; one which should therefore show standard statistical distributions. If in fact the actual number of senders (or software/target combinations) is quite small, than we will in fact *not* see standard distributions--even if the volume of spam itself is very high. What we are sampling is not spam, but spammer targets/techniques. Accurately measuring such a small population may require a much greater distribution of spamtraps. And it's definitely not a random population. Spammers specialize. There are some who do nothing but AOL accounts. And as my experience suggests, there are apparently some who are simply broken. 
--
Kee Hinckley
http://www.messagefire.com/         Next Generation Spam Defense
http://commons.somewhere.com/buzz/  Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] 6. Proposals - A Brief Defence of "Pull", Brad Knowles
Next by Date:  RE: [Asrg] 6. Proposals - CRI Draft - 4.1 Loop Avoidance, Eric Dean
Previous by Thread:  [Asrg] 2. Analysis (specifically, trap addresses), Terry Sullivan
Next by Thread:  Re: [Asrg] 2. Analysis (specifically, trap addresses), Dennis Gearon
Indexes:  [Date] [Thread] [Top] [All Lists]