On 9/3/06, Frank Ellermann <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> wrote:
I guess we disagree about this, but as long as you reject all
SPF FAIL it won't affect me personally. I won't mind if you
challenge an SPF PASS from me, I'm free to ignore it or to
answer it - depends on what I want, I answer challenges from
say ICANN or IANA (again and again... so far ;-).
Thank you for the feedback. Misdirected indiscriminant bounces are a major
problem, so it is natural to presume that a widely enacted anti-spam system
based on bounces would be absolutely disastrous. But what if bounces were
not indiscriminant but were instead highly selective as I propose in a
system that has been referred to as PER-CORRESPONDENT ADDRESS combined with
CHALLENGE/RESPONSE sub-flavor MUA AUTO-RESPONSE?
I call attention to the Ironport report on bounces. It provides the most
useful data on the bounce problem that I've seen so far. The report is free
from:
http://www.ironport.com/company/ironport_pr_2006-04-24.html
To summarize the hard data:
-9% of global email traffic is misdirected bounce mail, 71% is
spam/viruses/phishing, and 20% is legitimate.
-Less than 0.5% of bounce messages make it through to the end user.
-20% or more of what a spammer sends is bounced because of invalid addresses
-55% of fortune 500 companies have experienced partial or total disruptions
of service due to bounce caused DDoS
-There are 4.5 billion misdirected bounce messages per day. 10% of these
have valid addresses resulting in 450 million reaching mailboxes each day.
For my system to be highly effective I will assume that one of the better
email filters is being used and that 4% of spam and 4% of ham gets bounced.
I pick these numbers as the graphs of filter performance at:
http://sam.holden.id.au/writings/spam2/
Allowing a 4% bounce rate of suspected ham and spam transforms the top
performing spam filters into nearly perfect filters. Keep in mind that the
data from the above website was generated prior to current email
authentication practices, and of course it doesn't take into account the
fact that the use of sub-addresses on incoming mail will further improve
filter performance. Filter performance would therefore likely be superior
when used for my proposed system.
The following is an analysis of how a properly implemented bounce based
anti-spam system would impact the areas that are of the most concern when we
think of misdirected bounces:
*Effect on global email traffic*
I will assume that 50% of global email accounts are protected by this
system.
(4% spam bounced)*(71% global spam)*(50% participation) = 1.42%
(4% ham bounced)*(20% global ham)*(50% participation) = 0.4%
50% of the global email population is almost totally protected from spam at
the cost of a 1.82% absolute increase in global email traffic.
*Effect on DDoS*
Currently if a spammer sends 100 million spam emails using the return
address of a single company then 20 million misdirected bounces would hit
that company's system. We will generously assume that 80 million of these
spam emails target real addresses. Assuming 50% of the global population
uses this system then:
(80 million)*(50%)*(4%) = 1.6 million additional emails will hit the
company's system resulting in a total of 21.6 million, an 8% increase in
bounce volume.
This 8% increase in volume during a DDoS is should be weighted against the
benefit of nearly totally blocking spam to 50% of the global population.
Actually a good filter is unlikely to mistake an unauthenticated email sent
from a dubious server with a legitimate email from a Fortune 500 company.
The true increase in the volume of bounce DDoS attacks for large companies
is likely much less or almost non-existent.
*Effect of diverting spam on the inboxes of third parties*
Again assuming 50% of the global population uses this system:
(50%)*(4%) = 2% relative increase in the amount of "spam" sent globally.
(2%)*(10% of spam that spoofs an existing 'From' address) = 0.2% relative
increase in global spam directed at real addresses.
50% of these misdirected spam bounces will target users of this system.
Since the sub-address reproduces the benefit of BATV users of this system
will be perfectly protected from these bounces. So only the remaining 50%
of the global email population will face a 0.2% increase in the amount of
spam.
This also assumes that the third parties are not using other mechanisms,
such BATV, to stop bounces. This bounce spam will still need to face all of
the anti-spam mechanisms of the third party; content filters will still be
able to evaluate the spammy material in the bounce. The bounce will contain
the IP of the server that originated the spam so that the bounce recipient's
filter can evaluate its reputation.
On average we have at most a 0.2% increase in the average spam burden among
nonusers of this system. As with DDoS attacks a small number of individuals
may be disproportionately affected, but as with the DDoS example above these
individuals will face at most an 8% increase in the amount of bounce spam.
This slight increase in the amount of spam received by a small fraction of
users is again weighted against the benefit of 50% of the population being
free of spam.
Michael Kaplan
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg