John Leslie wrote:
I'd definitely record the AS of the sender's IP.
That should be possible, but would that give information that's useful in a
statistical way? I want to find data such as "7% of all spam is sent from
Liechtenstein, whereas 12% of hard-to-filter spam is sent from there; we ought
to focus more on emails coming from Liechtenstein's IP space". I expect the
percentages of AS's found to be so low that the differences will hardly ever be
significant.
Filters, hopefully, are a moving target; so whatever you publish
will be of limited use a week later.
I realise that. I do want to run the project over a longer period of time and I
do hope the project to yield some general information on where to focus. To be
honest, I'm not sure what to expect and whether I can expect the results to be
useful, but that's one of my reasons for running the project.
[1] Spam in the context of this email is spam sent to spam traps.
So the real, proper spam, not the perhaps-not-100%-CAN-SPAM-compliant
spam.
It will be necessary to at least sample the "interesting" cases,
since spamtraps do get some non-spam...
Good point and yes, I will do that.
[2] Several of these make use of open source filters (e.g.
SpamAssassin), so it's fair to say that most filters are covered.
The setup does exclude techniques such as TCP fingerprinting or
greylisting though.
That's OK, though it might be interesting to compare those
techniques. BTW are you saying that if a (commercial?) spam-filter
uses those techniques, your setup will exclude them?
No. Just that these features are turned off.
Thanks
Martijn.
Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg