Re: [Asrg] Statistical Analysis shows SPF should work Pretty Well
Vernon Schryver <vjs@calcite.rhyolite.com> Fri, 13 June 2003 05:24 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA09436 for <asrg-archive@odin.ietf.org>; Fri, 13 Jun 2003 01:24:00 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5D5NWj25825 for asrg-archive@odin.ietf.org; Fri, 13 Jun 2003 01:23:32 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h5D5NVm25822 for <asrg-web-archive@optimus.ietf.org>; Fri, 13 Jun 2003 01:23:31 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA09427; Fri, 13 Jun 2003 01:23:30 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Qh05-0001Jp-00; Fri, 13 Jun 2003 01:21:21 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Qh05-0001Jm-00; Fri, 13 Jun 2003 01:21:21 -0400
Received: from optimus.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h5D2o2a14863; Thu, 12 Jun 2003 22:50:02 -0400
Received: from ietf.org (lists.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h5D2nhm14819 for <asrg@optimus.ietf.org>; Thu, 12 Jun 2003 22:49:43 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA06074 for <asrg@ietf.org>; Thu, 12 Jun 2003 22:49:39 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19QebF-0000Sn-00 for asrg@ietf.org; Thu, 12 Jun 2003 22:47:33 -0400
Received: from calcite.rhyolite.com ([192.188.61.3]) by ietf-mx with esmtp (Exim 4.12) id 19QebD-0000Sk-00 for asrg@ietf.org; Thu, 12 Jun 2003 22:47:32 -0400
Received: (from vjs@localhost) by calcite.rhyolite.com (8.12.10.Beta0/8.12.10.Beta0) id h5D2nWpl007608 for asrg@ietf.org env-from <vjs>; Thu, 12 Jun 2003 20:49:32 -0600 (MDT)
From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200306130249.h5D2nWpl007608@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: Re: [Asrg] Statistical Analysis shows SPF should work Pretty Well
References: <20030612202450.1BC97DE41@dumbo.pobox.com>
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 12 Jun 2003 20:49:32 -0600
> From: mengwong@dumbo.pobox.com (Meng Weng Wong) > ... > Conclusion 1: aol, hotmail, and yahoo have successfully implemented > outbound antispam technology, ie. ways to ensure that only humans sign > up for their accounts, or limits on per-account outbound message volume. Success is certainly is fleeting. See http://www.google.com/search?q=hotmail+dav http://news.google.com/news?q=hotmail+dav http://www.vnunet.com/News/1141514 I've also seen recent reports from usually reliable sources that Microsoft's account creation mechanism has been "scripted." A summmary of all of that is that in recent weeks spammers have been significant spam through Hotmail systems. This goes to show that questions (not just statements) about whether characteristics of spam (or spam defenses) occur some of the time or most of the time should be view critically. Measurements of spam can be useful for showing that a characteristic (practically?) always or never occurs in spam or that a tactic of spammers or spam defenses always or never works. Concluding much from a measurement that says "X happens 90%" (or 9%) is often an error. > ... > Conclusion 2: Client IPs whose PTR do not match their sender domains are > more likely to be spam than not. > > But that means a scheme like SPF/DMP/RMX should work nicely. Does that imply that your definition of "work nicely" allows as many as 50% false positives? Vernon Schryver vjs@rhyolite.com _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Statistical Analysis shows SPF should work… Meng Weng Wong
- Re: [Asrg] Statistical Analysis shows SPF should … Kee Hinckley
- Re: [Asrg] Statistical Analysis shows SPF should … Vernon Schryver
- Re: [Asrg] Statistical Analysis shows SPF should … Yakov Shafranovich
- Re: [Asrg] Statistical Analysis shows SPF should … Yakov Shafranovich
- Re: [Asrg] Statistical Analysis shows SPF should … Yakov Shafranovich
- Re: [Asrg] Statistical Analysis shows SPF should … Vernon Schryver
- Re: [Asrg] Statistical Analysis shows SPF should … Barry Shein
- [Asrg] Spammer responses to SPF Meng Weng Wong
- Re: [Asrg] Spammer responses to SPF Yakov Shafranovich
- Re: [Asrg] Spammer responses to SPF Alan DeKok
- [Asrg] SPF: Objection: spammers will use <> Meng Weng Wong
- Re: [Asrg] Spammer responses to SPF Markus Stumpf
- Re: [Asrg] SPF: Objection: spammers will use <> Markus Stumpf
- Re: [Asrg] SPF: Objection: spammers will use <> Yakov Shafranovich