Re: [Asrg] An Anti-Spam Heuristic

Barry Shein <bzs@world.std.com> Thu, 13 December 2012 23:16 UTC

Return-Path: <bzs@world.std.com>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16E8621F8B7D for <asrg@ietfa.amsl.com>; Thu, 13 Dec 2012 15:16:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.496
X-Spam-Level:
X-Spam-Status: No, score=-3.496 tagged_above=-999 required=5 tests=[AWL=0.103, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1yyDC2H34YR2 for <asrg@ietfa.amsl.com>; Thu, 13 Dec 2012 15:16:02 -0800 (PST)
Received: from TheWorld.com (pcls5.std.com [192.74.137.145]) by ietfa.amsl.com (Postfix) with ESMTP id 6C6FF21F8BD0 for <asrg@irtf.org>; Thu, 13 Dec 2012 15:16:02 -0800 (PST)
Received: from world.std.com (root@world.std.com [192.74.137.5]) by TheWorld.com (8.14.5/8.14.5) with ESMTP id qBDNFaff032023 for <asrg@irtf.org>; Thu, 13 Dec 2012 18:15:38 -0500
Received: (from bzs@localhost) by world.std.com (8.13.6/8.13.6) id qBDNFajM004808; Thu, 13 Dec 2012 18:15:36 -0500 (EST)
From: Barry Shein <bzs@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <20682.24984.463533.515455@world.std.com>
Date: Thu, 13 Dec 2012 18:15:36 -0500
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
In-Reply-To: <20121213205940.735FE24248@panix5.panix.com>
References: <SNT002-W143FB9A867C92FA80D90E04C54E0@phx.gbl> <DA14FA4D-13CB-4C61-90C4-4E690F0EC745@blighty.com> <SNT002-W1393526B62C0940EF697B2C54E0@phx.gbl> <20682.3413.665708.640636@world.std.com> <20121213205940.735FE24248@panix5.panix.com>
X-Mailer: VM 7.07 under Emacs 21.2.2
Subject: Re: [Asrg] An Anti-Spam Heuristic
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Dec 2012 23:16:07 -0000

On December 13, 2012 at 15:59 sethb@panix.com (Seth) wrote:
 > Barry Shein <bzs@world.std.com> wrote:
 > 
 > > There's also Jef Poskanzer's greymilter which basically requires one
 > > re-send from each never before seen mail server not in a white list.
 > >
 > > And sendmail (and others') HELO delay (delay sending HELO a short
 > > period of time) and don't speak until you're spoken to whatever they
 > > call it (I use it, the sender must wait for the SMTP responses, can't
 > > just dump an SMTP conversation at you.)
 > >
 > > They're basically isomorphic to hashcash type solutions, increase the
 > > sender's cost, but very transparent and quite clever because of that.
 > 
 > They have nothing to do with increasing the sender's cost.  Rather,
 > they take advantage of the fact that legitimate mailers implement the
 > RFCs in ways that spamware typically doesn't, so they test for that
 > and spamware flunks.

Not true.

They don't implement RFCs accurately because they're trying to send
faster/cheaper.

Even e-bay for example had a problem when this "demand they wait for a
response" feature started to become popular because they too figured
out they could just dump one side of the SMTP conversation w/o waiting
for responses and it previously worked well enough and was much
"cheaper" on their servers.

Spamware did it because it was computationally and networktationally
cheaper. Which is what hashcash et al is all about.

And the same is true of making them re-try the first time
(graylisting.)

Again, not an argument for hashcash, just clarifying that it's all the
same thing.

It wasn't that they were poor at following RFCs, it was cheaper to
carbitrage the protocol.

-- 
        -Barry Shein

The World              | bzs@TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*