Re: [Asrg] spam down?
Chris Lewis <clewis+ietf@mustelids.ca> Sat, 26 January 2013 16:03 UTC
Return-Path: <clewis+ietf@mustelids.ca>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 547EF21F8619 for <asrg@ietfa.amsl.com>; Sat, 26 Jan 2013 08:03:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.441
X-Spam-Level:
X-Spam-Status: No, score=0.441 tagged_above=-999 required=5 tests=[BAYES_05=-1.11, FH_RELAY_NODNS=1.451, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rnu8yztN7L7I for <asrg@ietfa.amsl.com>; Sat, 26 Jan 2013 08:03:11 -0800 (PST)
Received: from mail.mustelids.ca (unknown [174.35.130.2]) by ietfa.amsl.com (Postfix) with ESMTP id AAA5421F8551 for <asrg@irtf.org>; Sat, 26 Jan 2013 08:03:10 -0800 (PST)
Received: from [192.168.0.8] (otter.mustelids.ca [192.168.0.8]) (authenticated bits=0) by mail.mustelids.ca (8.14.4/8.14.4/Debian-2ubuntu2) with ESMTP id r0QG32sj009145 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NOT) for <asrg@irtf.org>; Sat, 26 Jan 2013 11:03:03 -0500
Message-ID: <5103FE36.7010908@mustelids.ca>
Date: Sat, 26 Jan 2013 11:03:02 -0500
From: Chris Lewis <clewis+ietf@mustelids.ca>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.23) Gecko/20090812 Thunderbird/2.0.0.23 Mnenhy/0.7.6.666
MIME-Version: 1.0
To: asrg@irtf.org
References: <5103DC4E.4090004@mtcc.com>
In-Reply-To: <5103DC4E.4090004@mtcc.com>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] spam down?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Jan 2013 16:03:14 -0000
On 13-01-26 08:38 AM, Michael Thomas wrote: > There was a little side box in the current Economist that spam was > down from 80+% to 67% and credited it to, among other things > "sophisticated authentication" which I assume means DKIM and SPF. > > First is there actual evidence that spam is on the wane? And if so, > does it actually have to due in part with authentication? I'd be > ecstatic to hear that the latter was true, but correlation is not > causation. In the wane ... how? Is the real question. Absolute volumes have indeed changed, as this graph (and many others) show: http://cbl.abuseat.org/totalflow.html but that doesn't tell the whole story. The reality is that authentication (we're talking DKIM/SPF/DMARC) has relatively little effect. They're pretty easy to make irrelevant. There are fewer bot families than there used to be. Bot takedowns have made major inroads. Still, there are a couple left that can dwarf what we've seen before _if_ it was attractive to fire them off. Kelihos and Festi are bigger than Rustock or Srizbi ever were. The defenses we have for bots are well-developed and widely-deployed. The ROI has declined markedly, so the bot armies are often left idle. What we're seeing instead, is an evolution from the massive scatter-gunning of a Rustock infecting a home computer, to that of compromised servers, compromised user accounts etc. These are harder to deal with, harder to stop, harder to filter. So, while there are fewer spams in the Internet, I strongly suspect that more of them are getting through. Spammers may not be spamming as much but they are spamming "better".
- [Asrg] spam down? Michael Thomas
- Re: [Asrg] spam down? Martijn Grooten
- Re: [Asrg] spam down? Chris Lewis
- Re: [Asrg] spam down? Barry Shein
- Re: [Asrg] spam down? Rob McEwen
- Re: [Asrg] spam down? Dotzero
- Re: [Asrg] spam down? Chris Lewis
- Re: [Asrg] spam down? Dotzero
- [Asrg] more validation methods, was spam down? Alessandro Vesely