Yakov Shafranovich wrote:
<snip>
What always amazes me is how much the politicians are willing to talk
about the problem, but not too many are willing to give cold hard cash
to law enforcement agencies. The FTC in the US estimates that over 70%
of spam is fraudulent and can be enforced under existing laws. Yes,
Congress has not given extra money to do so.
Unfortunately, as has been frequently discussed, evil spammers seem to
dominate bulk commercial email. They hide behind zombie proxies and use
underground networks to spew their garbage. Therefore zombies are a
mechanism that needs to be curtail first and this is an enforcement
issue, not a government policy issye. The need is for someone (who?) to
track zombies and then get ISP's to block. This is a difficult chore.
My own personal experiences and data collected at my SMTP server,
confirm the severity of the zombie issue. While, I recognize my
experiences are not necessarily universal, more general data is hard to
find. This is what I've found at my site.
1. Installing a homebrewed simple greylist filter dropped my spam rate
from about 65/day to 7-8/day and gave me the ability to gather some
stats. I'll accept mail from anyone who will retry with the same IP
address after two minutes of rejection.
2. In the last fourteen days I was visited by 4312 grey listed hosts.
3864 made just one attempt at delivery and when rejected, they never
came back (using that IP address). Apparently, retries where attempted,
but new IP addresses were used. The 3864 unique attempts came in 818
batches (tries in less than one minute) with an average of 4.7 attempts
per each batch.
3. The cost, to spammers, of a failed delivery must be cheaper than the
cost of pruning a mailing list. The stats remained relatively stable
even after 40 days of graylisting.
Harry Tabak
Quad Telecom, Inc.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg