Re: [Asrg] An Anti-Spam Heuristic

Barry Shein <bzs@world.std.com> Thu, 13 December 2012 17:18 UTC

Return-Path: <bzs@world.std.com>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F87E21F864D for <asrg@ietfa.amsl.com>; Thu, 13 Dec 2012 09:18:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DIyDOGkuc0es for <asrg@ietfa.amsl.com>; Thu, 13 Dec 2012 09:18:21 -0800 (PST)
Received: from TheWorld.com (pcls6.std.com [192.74.137.146]) by ietfa.amsl.com (Postfix) with ESMTP id C8BD821F862C for <asrg@irtf.org>; Thu, 13 Dec 2012 09:18:20 -0800 (PST)
Received: from world.std.com (root@world.std.com [192.74.137.5]) by TheWorld.com (8.14.5/8.14.5) with ESMTP id qBDHG8dJ028052 for <asrg@irtf.org>; Thu, 13 Dec 2012 12:16:11 -0500
Received: (from bzs@localhost) by world.std.com (8.13.6/8.13.6) id qBDHG596003961; Thu, 13 Dec 2012 12:16:05 -0500 (EST)
From: Barry Shein <bzs@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <20682.3413.665708.640636@world.std.com>
Date: Thu, 13 Dec 2012 12:16:05 -0500
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
In-Reply-To: <SNT002-W1393526B62C0940EF697B2C54E0@phx.gbl>
References: <SNT002-W143FB9A867C92FA80D90E04C54E0@phx.gbl> <DA14FA4D-13CB-4C61-90C4-4E690F0EC745@blighty.com> <SNT002-W1393526B62C0940EF697B2C54E0@phx.gbl>
X-Mailer: VM 7.07 under Emacs 21.2.2
Subject: Re: [Asrg] An Anti-Spam Heuristic
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Dec 2012 17:18:21 -0000

There's also Jef Poskanzer's greymilter which basically requires one
re-send from each never before seen mail server not in a white list.

And sendmail (and others') HELO delay (delay sending HELO a short
period of time) and don't speak until you're spoken to whatever they
call it (I use it, the sender must wait for the SMTP responses, can't
just dump an SMTP conversation at you.)

They're basically isomorphic to hashcash type solutions, increase the
sender's cost, but very transparent and quite clever because of that.

-- 
        -Barry Shein

The World              | bzs@TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*