Re: [Asrg] An Anti-Spam Heuristic

Michael Thomas <mike@mtcc.com> Thu, 13 December 2012 17:21 UTC

On 12/13/2012 09:16 AM, Barry Shein wrote:
> There's also Jef Poskanzer's greymilter which basically requires one
> re-send from each never before seen mail server not in a white list.
>
> And sendmail (and others') HELO delay (delay sending HELO a short
> period of time) and don't speak until you're spoken to whatever they
> call it (I use it, the sender must wait for the SMTP responses, can't
> just dump an SMTP conversation at you.)
>
> They're basically isomorphic to hashcash type solutions, increase the
> sender's cost, but very transparent and quite clever because of that.
>
Given botnets, anything that tries to shift burden back onto the
sender is not very likely to be effective in the long run. Yes, you
might get some short-term relief, but the firehose is just a software
update away.

Mike
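
The per-server greylisting described in the quoted message, as an added example that is not part of the original thread and is not greymilter's code. The class name, the retry window values and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress


class Greylist:
    """Tempfail the first attempt from a never-before-seen mail server and
    accept it once it re-sends; whitelisted servers skip the check."""

    def __init__(self, whitelist=(), min_delay=300, max_age=86400):
        # Assumed policy: the re-send must arrive at least min_delay seconds
        # after the first attempt and no later than max_age seconds after it.
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.min_delay = min_delay
        self.max_age = max_age
        self.first_seen = {}  # server IP -> time of its first deferred attempt
        self.passed = set()   # servers that have completed one re-send

    def check(self, client_ip, now):
        """Return the SMTP reply code for a connection from client_ip."""
        ip = ipaddress.ip_address(client_ip)
        if ip in self.passed or any(ip in net for net in self.whitelist):
            return 250
        first = self.first_seen.get(ip)
        if first is None or now - first > self.max_age:
            self.first_seen[ip] = now  # new server, or its window expired
            return 451                 # temporary failure: try again later
        if now - first < self.min_delay:
            return 451                 # retried before the delay elapsed
        self.passed.add(ip)
        del self.first_seen[ip]
        return 250


def replay(events, **policy):
    """Run (client_ip, timestamp) events through a fresh Greylist."""
    gl = Greylist(**policy)
    return [gl.check(ip, ts) for ip, ts in events]


# Constructed sample traffic, not taken from any real log.
SAMPLE = [
    ("192.0.2.10", 0),      # unknown server, first attempt
    ("192.0.2.10", 30),     # immediate retry
    ("192.0.2.10", 400),    # queued retry after the delay
    ("198.51.100.7", 100),  # whitelisted server
    ("203.0.113.5", 0),     # sends once and never retries
]

if __name__ == "__main__":
    print(replay(SAMPLE, whitelist=["198.51.100.0/24"]))
```

The only cost imposed on a sender is one queued retry, so any client that implements retries is accepted on its second qualifying attempt, which is the limitation the reply above points at.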