If you were running a reputation service of the type I described earlier you
could measure he number of requests against a given address as a proxy for
the number of messages sent out by the address.
Of course spamers could also try to work that feature as well, generating
thousands of bogus tests against their own domain to dilute their report.
This in turn could be detected and used as a spamdicator by comparing to
other sources of traffic measurement.
Phill
-----Original Message-----
From: wayne [mailto:wayne(_at_)midwestcs(_dot_)com]
Sent: Monday, January 12, 2004 4:13 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] how blacklisting will work in the future
In
<2A1D4C86842EE14CA9BC80474919782E011132D8(_at_)mou1wnexm02(_dot_)vcorp(_dot_)ad
.vrsn.com> "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> writes:
In <20040112200356(_dot_)GB18595(_at_)dumbo(_dot_)pobox(_dot_)com> Meng
Weng Wong
<mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:
But if a provider also gives the total mail volume seen,
you can do a ratio.
Getting accurate mail volumes is A Very Hard Task.
You don't need to be very accurate.
[...]
Even so, orders of magnitude will serve fine for almost all
purposes.
I've been active on the spamcop newsgroups/mailing lists for a fair
while now. SpamCop uses just such a ratio system that is being
described here. It *does* work reasonably well, but it takes a lot of
effort to keep it working as spammers actively try and destroy it.
As I have mentioned in the post you replied to, there are trivial
cases of sample traffic being off by orders of magnitude.
Senderbase.org says that midwestcs.com sends out a magnitude of 4.0
email per day. That is off by 3 orders of magnitude.
Koreans will certainly see many orders of magnitude difference in
legitimate email from Korean ISPs than folks here in the US see.
Besides the problems with sampling mentioned above, SpamCop has been
fighting real hard with a much more important issue. The people who
report spam is not random and not large. Many of the big spammers
have listwashed many of the anti-spammers and spam traps from their
lists. According to Julian Haight (founder of SpamCop), many of the
known big spammers have smaller "foot prints" than most two-bit
spammers. This is a very serious problem for them.
Anyway, when I say that getting accurate mail volumes is A Very Hard
Task, it comes from following this particular issue fairly closely.
It is certainly a hard enough problem that SPF will be just one part
of any reliable RHSBL. This is an issue that is best left up to
people who run such RHSBLs.
-wayne
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily
deactivate your subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡