[Top] [All Lists]

Re: [ietf-smtp] Levels of proposals

2015-12-16 17:58:14
On 12/16/2015 12:40 PM, Ted Lemon wrote:
Wednesday, Dec 16, 2015 7:17 AM Rich Kulawiec wrote:

Compared their inboxes in terms of MAGY.

Every inbox and every receiving infrastructure is different in terms of spamload.

Comparing individual maiboxes is an exercise in futility.

Even I, who have 150 million spams per day across dozens of spamtraps representing 10s of thousands of domains won't generalize to this extent. Because they're all different.

I do a daily tuning run on these traps. The daily tuning run is to find out which spams evaded the "SMTP client delivering to me is infected with <botname X>" heuristics so I can tune them. It does not trigger on real MTAs for obvious reasons (including MAGY's).

The "SMTP client delivering to me is infected" catches, right now, better than 95% of all inbound. So I'm only looking at 5% of the flood. Of that 5%, at most about 20% is MAGY. Usually <10%.

So at least on one trap cluster (~35M/day) MAGY isn't a big deal. At most about 1-2% of the total flow. Does that generalize everywhere? No. But I think it's a better measure than _one_ mailbox.

In the meantime, my personal account is unfiltered, similarly "for science". More than 50% of all spam that I receive in total is spamming "ietf(_at_)mustelids(_dot_)ca" - an account that was created JUST for being on this mailing list less than a month ago.

IOW: the IETF is responsible for greater than half of my spam.

[Back in the days when I ran the spam filters for a large corporate, every user who received more spam than I (~200/day) were frequent fliers on IETF mailing lists. Including the poor sod getting 1600/day. IETF mailing lists considered harmful.]

ietf-smtp mailing list