Daniel Feenberg wrote, On 7/7/09 8:14 AM:
On Mon, 6 Jul 2009, Bill Cole wrote:
Alessandro Vesely wrote, On 7/6/09 6:35 AM:
...
The overwhelming majority of mail I am offered by the Gmail outbounds
is spam. Google has played games with how they will accept abuse
reports, giving the appearance of not really wanting them.
Are these messages disguised in any way?
What do you mean by "any way?"
I do not retain most of them beyond the end of the SMTP session in which
they are rejected, so I cannot speak to most of their headers. Most have
gmail.com in the envelope-from, but some do not.
Just looking at my last week's
mail, there are 120 messages with "gmail.com" in the envelope-from. Two
of these are spam, or about .2% of my incoming spam. Am I measuring the
wrong thing?
Yes and no.
Note that I didn't say that I get much *volume* from the GMail outbounds,
nor that they are the source of a large fraction of the spam that my server
is offered, nor that all of the mail I was referring to was aimed at me
personally or even to any address that has ever been valid.
However, a quick look at the spam that has made it to the point of delivery
to my main account on that server tells me that about 20% of it is coming in
via the 209.85.128/17 and 74.125/16 machines that match the SPF record for
gmail.com. That's only a message or two per week: about half of what is
offered by those clients for all valid addresses on that system and about a
third of what they offer in total. In the past 40 days, the legitimate mail
count for that system from Gmail is exactly 1, but that's artificially high
because that one was a test message I sent to myself today to make sure that
I was not missing valid messages in my log searches.
Or do different users have a different experience of spam?
Is that a serious question? Assuming that it is: yes.
The spam experience of different users is not only non-uniform, it is not
normally distributed across operationally useful populations like domains or
receiving systems. Different users get very different volumes and different
distinct types. The addresses that are targeted by huge volumes of
completely fraudulent spam from easily-shunned botnets often get little or
no spam from the 'snowshoe' spammers who like to claim CAN-SPAM compliance
and may be advertising a product that some people willingly buy, and the
419'ers who like to use freemail accounts may hit a completely different set
of users.
My account has been fairly public for over 15 years, so if an MTA were
spewing a significant proportion of the worlds spam, wouldn't I be
getting some?
I don't believe I said that Google's MTA's were spewing a significant
proportion of the world's spam. Unless you consider the various spamming
botnets as single entities across all of their nodes, no single entity is
the source of a significant proportion of the world's spam.
What I did say (based on my own mailbox, my own small mail system with less
than a dozen users, and some non-ISP, non-academic mail systems with a few
score to a few thousand accounts) is that most of what Google's outbounds
offer *to the sorts of systems I work with* is spam. That does not make them
special among freemail providers, but freemail providers are an unusual
species of SMTP client: continuously mixed ham/spam, majority spam, high
total volume, and mixed spam and ham types (many of which are also seen from
other types of clients.) This makes them part of the heavy lifting of spam
control for receivers.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg