On Dec 4, 2008, at 3:50 AM, Rich Kulawiec wrote:
This suggests that (unlike perhaps a decade ago) the utility of
"local" spamtraps may be increasing confined to less sophisticated
spammers, as more clueful ones have found it worth the effort to
avoid them. I've been able to draw a few other conclusions along
the way as well, but I'm becoming convinced that there may be too
many variables in play to effectively answer the core question.
The less sophisticated approach still represents a majority of the
problem. Have a portion of the detection remain inactive. A
differential between the active provides evidence to the level of
avoidance. When detection represents less that 1% of the overall,
larger volumes will appear more diverse, causing non-linear detection
rates. The real complexity is with botnets or IP addresses vulnerable
to BGP hijacking. They remain dormant over long periods, but may
appear suddenly. Unfortunately, the speed of domain registration and
lack of advanced notice is effectively leveraged as a means to recover
botnet control nodes and to defeat name based protections.
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg