ietf-asrg
[Top] [All Lists]

Re: [Asrg] A paper/project worth considering (found it!)

2008-12-09 13:06:54

On Dec 4, 2008, at 3:50 AM, Rich Kulawiec wrote:

This suggests that (unlike perhaps a decade ago) the utility of "local" spamtraps may be increasing confined to less sophisticated spammers, as more clueful ones have found it worth the effort to avoid them. I've been able to draw a few other conclusions along the way as well, but I'm becoming convinced that there may be too many variables in play to effectively answer the core question.

The less sophisticated approach still represents a majority of the problem. Have a portion of the detection remain inactive. A differential between the active provides evidence to the level of avoidance. When detection represents less that 1% of the overall, larger volumes will appear more diverse, causing non-linear detection rates. The real complexity is with botnets or IP addresses vulnerable to BGP hijacking. They remain dormant over long periods, but may appear suddenly. Unfortunately, the speed of domain registration and lack of advanced notice is effectively leveraged as a means to recover botnet control nodes and to defeat name based protections.

-Doug

_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg