Danny Angus wrote:
> It may be that the idea of indirection between logical recipients and email
> addresses has some place in the ingredients of a complete solution.

I have spent the last few years working out the operational concerns of an
email security application that employs multiple addresses (which I call
"supplemental addresses") for each protected inbox. I'd like to contribute to
the discussion by explaining how I see supplemental addresses being of a
benefit to the overall anti-spam space.

The use of supplemental addresses is not, in and of itself, an anti-spam
method. By separating messages into physically separate address spaces,
supplemental addresses expand the context that one can derive about a message,
starting with, "what address was it sent to?". Another question that can be
answered is, "who did I originally give the address to?", which leads to
answering, "how did this sender get my address?". There are other things that
can be uncovered from knowing which supplemental address was used per message.

But here's what makes supplemental addresses really interesting. When you
combine the use of supplemental addresses with pretty much any other anti-spam
model, it tends to preserve the strength of the model while greatly reducing or
even eliminating the negative side effects that pretty much every model
contains.

To understand this better, I'd like to present an important premise that we
originally believed was true, and after a few years' experience have found to be
true in practice, that sets the stage for why supplemental addresses contribute
to spam defenses:

"Legitimate contacts never knowingly share your email address with
spammers, and spammers only share your address with other spammers,
never with legitimate contacts."

If access to my inbox can be fractionated so that sources of spam use addresses
which are different from sources of legitimate messages, then those
supplemental addresses receiving spam can be subjected to anti-spam defenses
and, more importantly, addresses that receive only legitimate messages can be
completely spared from spam defenses (and their endemic shortcomings).

I recently did an assay of our users and calculated that after a few weeks of
use, 90%-97% of all legitimate messages arrive on supplemental addresses that
are not protected in any way from spam (sent to a "public" address), but
overall spam prevention is active on those addresses that have spam sent to
them. So the net spam relief is the same with or without supplemental
addresses.

So, combining supplemental addresses with a traditional content filter would
still block the same number of messages as the filter alone, but since 90%-97%
of legitimate mail is not subjected to the filter, the overall rate of false
positives endemic to that filter would be decreased by almost an order of
magnitude. The same filter, but almost 10 times fewer false positives.

Likewise, combining supplemental addresses with white listing has the net effect of
continuing to block all spam, but with 90%-97% fewer instances of challenge
response (if you are using C/R in the white list scheme).

This effect holds up with every security model that I've considered.
Supplemental addresses constitute a generic approach that, when combined with
other anti-spam technologies, improves the overall performance metrics of the
other technologies. I think the use of supplemental addresses is becoming more
commonplace.

I hope that my particular way of viewing the role of supplemental addresses
helps in the discussion.

Joe McIsaac
Reflexion Network Solutions, Inc.
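
The arrangement described in this message, as an added illustration that is not part of the original post or of any product it mentions: a small Python model in which a content filter runs only on supplemental addresses already known to receive spam. The addresses, the keyword filter and the sample traffic are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Message:
    rcpt: str       # supplemental address the message was sent to
    body: str
    is_spam: bool   # ground truth, used only to score the outcome

def naive_filter(msg):
    """Stand-in content filter (assumption): flags any body containing 'offer'."""
    return "offer" in msg.body.lower()

class AliasRouter:
    """Runs the filter only on supplemental addresses marked as spammed."""
    def __init__(self, spam_filter):
        self.spam_filter = spam_filter
        self.protected = set()          # aliases that have received spam

    def report_spam(self, alias):
        self.protected.add(alias)

    def accept(self, msg):
        if msg.rcpt in self.protected:
            return not self.spam_filter(msg)
        return True                     # clean alias: delivered unfiltered

def score(messages, accept):
    """Return (false positives, spam delivered) for an accept() policy."""
    fp = sum(1 for m in messages if not m.is_spam and not accept(m))
    missed = sum(1 for m in messages if m.is_spam and accept(m))
    return fp, missed

# Constructed traffic: one alias per contact; only the forum alias leaked.
BANK, ALICE, FORUM = "joe.bank@example.org", "joe.alice@example.org", "joe.forum@example.org"
TRAFFIC = [
    Message(BANK, "Your mortgage offer letter is attached", False),
    Message(ALICE, "The job offer came through", False),
    Message(FORUM, "New reply to your thread", False),
    Message(FORUM, "Member offer: conference discount", False),
    Message(FORUM, "Special offer on pills", True),
    Message(FORUM, "Limited time OFFER", True),
]

def compare():
    router = AliasRouter(naive_filter)
    router.report_spam(FORUM)  # assumes the alias was already flagged as spammed
    return {"filter_only": score(TRAFFIC, lambda m: not naive_filter(m)),
            "with_aliases": score(TRAFFIC, router.accept)}

if __name__ == "__main__":
    print(compare())
```

Both policies block the same spam; the false positives that remain under the alias policy are confined to the one address that is filtered.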