[Top] [All Lists]

Re: slight update to draft-macdonald-antispam-registry

2011-05-11 18:21:31

FWIW, Some interesting for RBL.

Starting in 2003, RBL was by far the highest in filtering consistently averaging around 60-70%, but then it began to drop:

  2006 to 40-50%
  2009 to 20-30%
  2011 to 10-15%!

What has consistently remained over 60-70% over the 8 years is Return Path CBV (Call Back Verification), as well consistently over the years of 50-60% for RCPT TO (invalid local recipients checks).

SPF was always low around 1% but slowly climbed to ~6% today.

With better measurements at the DATA level this year, I'm seeing ~30% content rejects based on large database of spam words checks

John C Klensin wrote:

--On Wednesday, May 11, 2011 20:36 +0000 John Levine
<johnl(_at_)taugh(_dot_)com> wrote:

But, as far as "harm" goes, non-delivery of messages that
should have been delivered and instead vanished without a
trace is, for me, qualitatively worse than any quantity of
With a sufficient quantity of spam in your mailbox, you can't
even find the real mail so it might as well not have been
delivered.  BTDT.


This may be just a difference in perspective, but I see
tradeoffs between my risk tolerance for losing messages and my
desire to avoid having my mailbox filled with noise.  If I get
the virtual knob turned all the way to one side, I lose all of
the messages that might possibly be spam, i.e., all of the
messages unless I accept only signed messages from people whose
ability to manage keys I trust.  If it turn it too far the other
way, I will have a lot of trouble finding real messages because
of the spam.  My choice, my problem.  And I assume that you
wouldn't try to deny me  (or Keith) the right to make tradeoff
decisions even if you think they are stupid (or that my concern
about lost messages is excessive).

We hit a disconnect (I think), only when you (or others)
encourage some mail providers to reject or, worse, drop, my
legitimate mail (for the purposes of this discussion, assume
non-commercial, small number of recipients, and desired/
expected by the proposed recipient) because the sender did not
meet some semi-arbitrary criterion established by that provider
and not under the control of either the sender or (especially)
the intended recipient.

My definition of "semi-arbitrary" perhaps also differs from
yours.  I would include in that category any rule that depends
on heuristics (which, by definition, will fail sometimes) and
any classification system that is not clearly identified and
against which the intended recipient of the message does not
have practice and effective recourse if the owners of the
classification system get things wrong.
I may be wrong, but I don't think either Keith or I are saying
"don't use blacklists in your systems".  Keith, I think, comes
closer than I do.   For all you know, I might even be using
blacklists as part of a scoring system (and I'm not telling).
What I think we are saying is:

        (i) Don't force me to use blacklists or otherwise force
        them on me or my mail.
        (ii) If someone does use a blacklist and legitimate mail
        is dropped, both the list compiler and the party who
        decided to use that particular list and how should be
        easily identified and accountable.

I don't see blacklists as being special in that regard.  YOu
could substitute any technique for preventing some messages from
showing up in my primary inbox for "blacklist" in the above two
comments and I would almost certainly still agree.



Hector Santos

<Prev in Thread] Current Thread [Next in Thread>