ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Please critique my anti-spam system

2005-01-10 00:10:08
from [Michael Kaplan] [Permanent Link] 


Let's do the math.  A spammer finds 5% of his spam reaches people.

Way high.


Define reach. Hit the disk or eyeball? Sorry if I'm behind here.
I think MORE reaches people.


Hits the eyeball, since disks don't buy stuff.

We'd have to get good estimate from someplace like AOL.

Also, a lot of place block at the IP level, so the spam never gets in
to the spambox in the first place.


I would like to correct my math.  If I may quote from my own website:

"Email service providers will continue their practice of blocking the bulk of 
email that is suspected of being spam even before it is accepted.  Bounces are 
never sent to this vast amount of probable spam that is rejected at edge."

One member of this list estimated that 90% of spam was eliminated at the
periphery, before content filtering occurs.  Spam sent with a valid sub-address
will still be subjected to this blocking.

Also there is really no limit to the number of bogus email accounts that could
be fed to spammers.  I mentioned a 2:1 ratio of bogus account to real accounts.
If this isn't enough then how about a 10:1 ratio?  Conventional thinking is that
spammers don't care about bogus address - but now they will.

I would also reiterate the impossibility that a company can exist in the 
developing
world that would decode CAPTCHA for a legitimate company (Paypal, Amazon, etc.),
then also sell the same decoded list spammers, and expect to keep that
company's business for more than a week.  It would become INSTANTLY obvious that
the company was dishonest when every decoded address is then flooded with spam.
Also remember that a company such as Amazon is not paying to decode billions of 
CAPTCHA
a year, they would likely only need to decode less than 100,000 (and they are an
enormous internet company).  100,000 addresses wouldn't even approach the daily 
needs
of a spammer.

A lot is being made of the concept that with a decoded address a spammer can 
send
you an enormous amount of spam in a single day.  The spammer would much prefer 
to
send you 1 spam every day than 300 on a single day.  I would much rather receive
an enormous amount of spam once every few months than receive a little bit each 
day.

Michael Kaplan

-- 
_______________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Asrg] Please critique my anti-spam system, Hannigan, Martin
Next by Date:  [Asrg] joe(_dot_)debba(_at_)example(_dot_)com and joe(_dot_)beebe(_at_)example(_dot_)com, Amir Herzberg
Previous by Thread:  RE: [Asrg] Please critique my anti-spam system, Hannigan, Martin
Next by Thread:  Re: [Asrg] Please critique my anti-spam system, Devdas Bhagat
Indexes:  [Date] [Thread] [Top] [All Lists]