Re: [Asrg] An Anti-Spam Heuristic

Steve Atkins <steve@blighty.com> Thu, 13 December 2012 21:08 UTC

On Dec 13, 2012, at 12:59 PM, Seth <sethb@panix.com> wrote:

> Barry Shein <bzs@world.std.com> wrote:
> 
>> There's also Jef Poskanzer's greymilter which basically requires one
>> re-send from each never before seen mail server not in a white list.
>> 
>> And sendmail (and others') HELO delay (delay sending HELO a short
>> period of time) and don't speak until you're spoken to whatever they
>> call it (I use it, the sender must wait for the SMTP responses, can't
>> just dump an SMTP conversation at you.)
>> 
>> They're basically isomorphic to hashcash type solutions, increase the
>> sender's cost, but very transparent and quite clever because of that.
> 
> They have nothing to do with increasing the sender's cost.  Rather,
> they take advantage of the fact that legitimate mailers implement the
> RFCs in ways that spamware typically doesn't, so they test for that
> and spamware flunks.

And a lot of spamware doesn't flunk. Yet it can damage legitimate use of email,
both when the senders aren't following RFCs strictly (lots of senders will
give up if a recipient's MX is so overloaded/broken that it's not responding
after tens of seconds) or when they are (greylisting in particular really
breaks active mailing lists, by reordering discussions into a fairly random
order).

It's the sort of thing that people tend to do because it makes them feel
like they're sticking one to spammers - which isn't a bad reason, by any
means, but doesn't lead towards optimal solutions.

Cheers,
  Steve
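
Added example, not part of the original message or of any mailer's code: a small simulation of greylisting with sender-side retry, showing the mailing-list reordering described above and the effect of whitelisting the list server. Keying on the (client IP, sender, recipient) triplet, the 300 s minimum delay, the 900 s retry interval and all addresses are assumptions chosen for illustration.

```python
# Added illustration: triplet greylisting and sender-side retry, simulated.
# All addresses, times and the retry interval are constructed sample values.
import heapq

class Greylist:
    """Defer the first attempt for an unseen (client IP, sender, recipient)
    triplet; accept once the triplet is at least min_delay seconds old."""
    def __init__(self, min_delay=300, whitelist=()):
        self.min_delay = min_delay
        self.whitelist = set(whitelist)
        self.first_seen = {}

    def check(self, now, client_ip, sender, rcpt):
        if client_ip in self.whitelist:
            return 250
        first = self.first_seen.setdefault((client_ip, sender, rcpt), now)
        return 250 if now - first >= self.min_delay else 451

def simulate(posts, greylist, retry_interval=900):
    """posts: list of (send_time, msg_id, client_ip, sender, rcpt).
    Returns [(delivery_time, msg_id)] in the order the recipient sees them."""
    queue = list(posts)
    heapq.heapify(queue)
    delivered = []
    while queue:
        now, msg_id, ip, sender, rcpt = heapq.heappop(queue)
        if greylist.check(now, ip, sender, rcpt) == 250:
            delivered.append((now, msg_id))
        else:  # 451: the sending MTA queues the message and tries again later
            heapq.heappush(queue, (now + retry_interval, msg_id, ip, sender, rcpt))
    return delivered

# Constructed thread: three list posts sent at t=0 s, 120 s and 360 s
LIST_IP, LIST_FROM, RCPT = "192.0.2.10", "list-bounces@example.org", "user@example.net"
THREAD = [(0, "post-1", LIST_IP, LIST_FROM, RCPT),
          (120, "reply-2", LIST_IP, LIST_FROM, RCPT),
          (360, "reply-3", LIST_IP, LIST_FROM, RCPT)]

if __name__ == "__main__":
    for when, msg in simulate(THREAD, Greylist()):
        print(f"t={when:5d}s delivered {msg}")
    for when, msg in simulate(THREAD, Greylist(whitelist={LIST_IP})):
        print(f"t={when:5d}s delivered {msg} (list server whitelisted)")
```

The third post arrives after the triplet has aged past the minimum delay and is accepted at once, while the two deferred posts wait for the sender's retry, so the recipient sees the thread out of order.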