Re: [Asrg] Is there anything good enough? - Spoofing stats

Vernon Schryver <vjs@calcite.rhyolite.com> Thu, 08 May 2003 04:48 UTC

From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200305080448.h484mcT5015594@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: Re: [Asrg] Is there anything good enough? - Spoofing stats
References: <200305072133.49178@grx>
Date: Wed, 07 May 2003 22:48:38 -0600

> From: David Walker <antispam@grax.com>

> ...
> Incredible.  Unfortunately I cannot afford to keep up with the sheer mass of 
> words as I have to work a full time job also.
>
> I explain the non-random character of my list because random domain names 
> appear once on my list and therefore did not appear in the top 11 most 
> common.  Almost 2000 messages did not appear in the top 11 and I am not going 
> to post those random domains here.

Have you sampled those other 2000 messages to see how many of their
sender addresses are of free providers, perhaps by checking my list
of free providers implicated in spam sent my direction?  I bet that
if you did, you'd find that many of those 2000 are other free providers.

The 823 messages in your top 11 domains involve free providers.  If
I'm wrong and none of the 2000 other messages involve free providers,
you still have 25% of your sample of 3300 coming from 7 domains that
share a common characteristic.  Judging from your top 11, those other
2000 messages cannot involve fewer than 76 domains, so 25% of your
sample is coming from at most 8% of the sampled domains.  I bet you
have more than 500 domains among those 2000 messages, so that the 7
free providers are about 1%.  What are the odds that is a coincidence?
I'm far from unique in blocking free provider mail.  If you need to
pick a domain to forge for spam, a free provider is a terrible choice.
What explanation is there except that spammers prefer free providers
for good reason?  What can the reason be except that many spammers
are not forging free provider names?


> You are incredibly hypocritical to be blocking those free domains that RMX 
> could make usable again.  You've expended endless amounts of energy 
> "defending" the very people you block.  Why do you block them when they are 
> so innocent?

Why don't you install the standard hack that blocks mail that violates
the primary RMX criterion?  Why wait for the free providers to change
their T&C and install RMX RRs?  I don't recall any contributor to this
list admitting a shred of ignorance or doubt about spam, so like all
of us spam experts, you must be familiar with the standard, many years
old advice to block free provider mail that does not come from the
free provider's MTAs.  It does have a high false positive rate except
in trivial situations like mine, but it does not block any mail except
what you term "spoofed."  My vague recollections are that the hack is
easy with postfix (which you seem to use).  It's bound to be quicker
and easier than RMX.

I'm sure that practically all free provider users are innocent of
spam, but that's none of my business.  They are free to send mail
however they want without any criticism from me if they follow their
ISPs' terms and conditions.  It's simply that they can't send mail to
my domains... well, I do urge friends to not use the free providers.
Some of them ignore my advice and force me to add whitelist entries
if I want to receive their mail.  I usually do, but not always.

I don't use the hack of the standard advice mostly because simply
blocking the free providers is easier and just as good for my situation.
The observed probability that a message with a free provider sender
address sent to my MTA is spam is more than 99.9%.  I do not expect
anyone else to do that blocking for me.  I also do not expect the free
providers to change their T&C so that they could use RMX or to eventually
use RMX, or do anything else.  I think demanding that free providers
change to fit my model of how they should run their businesses to suit
my convenience would be wrong.


Vernon Schryver    vjs@rhyolite.com
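The check Vernon calls the "standard hack" (reject mail whose sender domain is a free provider unless it arrives from that provider's own MTAs, with a local whitelist for individual correspondents), written out as an added example that is not part of the post and not any MTA's own implementation. The provider domains, the CIDR ranges and the sample transactions are constructed placeholders, not real provider data.

```python
import ipaddress
from collections import Counter

# Constructed policy table (placeholders, not real provider data): each
# free-provider domain maps to the networks its outbound MTAs are assumed
# to use. A message claiming that sender domain but arriving from any other
# address is what the thread calls "spoofed".
FREE_PROVIDER_MTAS = {
    "freemail.example": ["192.0.2.0/24"],
    "webmail.example": ["198.51.100.0/25", "2001:db8:100::/48"],
}
# Local whitelist of individual correspondents, as the post describes.
WHITELIST = {"friend@freemail.example"}

_NETWORKS = {
    domain: [ipaddress.ip_network(c) for c in cidrs]
    for domain, cidrs in FREE_PROVIDER_MTAS.items()
}

def sender_domain(envelope_sender):
    """Domain part of an envelope sender, lowercased; None for <> or junk."""
    addr = envelope_sender.strip().strip("<>").lower()
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1]

def check_free_provider(envelope_sender, client_ip):
    """Classify one SMTP transaction: 'whitelist', 'accept', 'reject' or 'n/a'."""
    addr = envelope_sender.strip().strip("<>").lower()
    if addr in WHITELIST:
        return "whitelist"    # explicitly allowed correspondent
    domain = sender_domain(addr)
    if domain not in _NETWORKS:
        return "n/a"          # not a free provider (or a bounce); check does not apply
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in _NETWORKS[domain]):
        return "accept"       # delivered by the provider's own MTAs
    return "reject"           # free-provider sender from a foreign host

def tally(transactions):
    """Count outcomes over (sender, client_ip) pairs, e.g. from an MTA log."""
    return Counter(check_free_provider(s, ip) for s, ip in transactions)

# Constructed sample transactions (documentation addresses only).
SAMPLE = [
    ("<alice@freemail.example>", "192.0.2.10"),
    ("<spammer@freemail.example>", "203.0.113.5"),
    ("<friend@freemail.example>", "203.0.113.9"),
    ("<bob@webmail.example>", "2001:db8:100::25"),
    ("<carol@corp.example>", "203.0.113.77"),
    ("<>", "203.0.113.1"),
]
```

Running `tally(SAMPLE)` over a real MTA log in place of the constructed pairs gives the same accept/reject split the post argues about, without touching mail from domains that are not in the table.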