On 13-01-26 08:38 AM, Michael Thomas wrote:
There was a little side box in the current Economist that spam was
down from 80+% to 67% and credited it to, among other things
"sophisticated authentication" which I assume means DKIM and SPF.
First is there actual evidence that spam is on the wane? And if so,
does it actually have to due in part with authentication? I'd be
ecstatic to hear that the latter was true, but correlation is not
causation.
In the wane ... how? Is the real question.
Absolute volumes have indeed changed, as this graph (and many others) show:
http://cbl.abuseat.org/totalflow.html
but that doesn't tell the whole story.
The reality is that authentication (we're talking DKIM/SPF/DMARC) has
relatively little effect. They're pretty easy to make irrelevant.
There are fewer bot families than there used to be. Bot takedowns have
made major inroads. Still, there are a couple left that can dwarf what
we've seen before _if_ it was attractive to fire them off. Kelihos and
Festi are bigger than Rustock or Srizbi ever were. The defenses we have
for bots are well-developed and widely-deployed. The ROI has declined
markedly, so the bot armies are often left idle.
What we're seeing instead, is an evolution from the massive
scatter-gunning of a Rustock infecting a home computer, to that of
compromised servers, compromised user accounts etc. These are harder to
deal with, harder to stop, harder to filter.
So, while there are fewer spams in the Internet, I strongly suspect that
more of them are getting through.
Spammers may not be spamming as much but they are spamming "better".
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg