RE: [Asrg] Some data on the validity of MAIL FROM addresses
"Eric Dean" <eric@purespeed.com> Mon, 19 May 2003 20:40 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA05166 for <asrg-archive@odin.ietf.org>; Mon, 19 May 2003 16:40:33 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4JK9eu15614 for asrg-archive@odin.ietf.org; Mon, 19 May 2003 16:09:40 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4JK9eB15611 for <asrg-web-archive@optimus.ietf.org>; Mon, 19 May 2003 16:09:40 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA05160; Mon, 19 May 2003 16:40:02 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19HrSC-0006MF-00; Mon, 19 May 2003 16:41:52 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19HrSB-0006MC-00; Mon, 19 May 2003 16:41:51 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4JK53B14586; Mon, 19 May 2003 16:05:03 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4JK4KB14541 for <asrg@optimus.ietf.org>; Mon, 19 May 2003 16:04:20 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA05002 for <asrg@ietf.org>; Mon, 19 May 2003 16:34:28 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19HrMn-0006K5-00 for asrg@ietf.org; Mon, 19 May 2003 16:36:17 -0400
Received: from ns2.tidalwave.net ([66.77.68.8] helo=mailgate.purespeed.com) by ietf-mx with esmtp (Exim 4.12) id 19HrMi-0006JS-00 for asrg@ietf.org; Mon, 19 May 2003 16:36:12 -0400
Received: from purespeed.com (mail.purespeed.com [66.77.69.8]) by mailgate.purespeed.com (Postfix Relay Hub) with ESMTP id 89D6813B0D; Mon, 19 May 2003 16:38:24 -0400 (EDT)
Received: from HOMEY [68.100.19.195] by purespeed.com (SMTPD32-7.13) id A00B8497002E; Mon, 19 May 2003 16:35:23 -0400
From: Eric Dean <eric@purespeed.com>
To: Alan DeKok <aland@freeradius.org>, asrg@ietf.org
Subject: RE: [Asrg] Some data on the validity of MAIL FROM addresses
Message-ID: <MBEKIIAKLDHKMLNFJODBCENDFDAA.eric@purespeed.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <E19HkHU-0002qR-00@mail.nitros9.org>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Mon, 19 May 2003 16:37:46 -0400
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
> > > For example, if 90% of spam is forged, then RMX, C/R, and > > authentication schemes could do a lot against spam (modulo their > > other problems). It's not a large step to estimate that 90% of spam is forged. 1) However, much of that spam can be filtered using simple sender domain checks. Many spammers use bogus domains and maybe 5-10% of spam is dropped accordingly. 2) The next value is to do a HELO hostname check..about 10-20% is dropped as well. However, there are casualities for very large companies...such as bellsouth and verizon whereby I have to punch holes in my filters. 3) Then I could be more aggressive and apply a reverse-dns check on the initiating source IP. Doing so is also effective, however, all DSL and carrier Dial networks in-addr their IP pools...yet many mail admins don't. I have aout another 5-10% of my spam come from unresolved IPs..but instantly the phones light up..cost me money..and I'm out of business. The tough-love approach is suicidal stupidity. 4) Then OK, so now we go with RBL, to identify the pools..that'll work..costs non-trivial money..but it works for that flavor of spam..maybe 5%. Then I get plenty of spam from valid random domains, with valid senders (at least reply with SMTP OK), random IPs, reverse-DNS mappings (maybe overseas), valid HELO..everything marries up..and I still get 1-2 spams/second. So, I stopped looking at the logs because it depresses me..and I do something stupid like try to blacklist someone..or scan my bounce queue for http:// links or HREFs to indicate that there was some sort of solicitation. Trying to identify a pattern for spam is like writing an equation for the Niagra Falls. John Forbes Nash Jr was more successful than I was in identifying textual patterns. My lesson in futility was that the only successful anti-spam method is a distributed one. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- Re: [Asrg] Some data on the validity of MAIL FROM… Scott Nelson
- [Asrg] Some data on the validity of MAIL FROM add… Kee Hinckley
- Re: [Asrg] Some data on the validity of MAIL FROM… Jon Kyme
- Re: [Asrg] Some data on the validity of MAIL FROM… Vernon Schryver
- Re: [Asrg] Some data on the validity of MAIL FROM… Fred Bacon
- Re: [Asrg] Some data on the validity of MAIL FROM… Yakov Shafranovich
- Re: [Asrg] Some data on the validity of MAIL FROM… Jon Kyme
- Re: [Asrg] Some data on the validity of MAIL FROM… Yakov Shafranovich
- Re: [Asrg] Some data on the validity of MAIL FROM… Alan DeKok
- Re: [Asrg] Some data on the validity of MAIL FROM… Scott Nelson
- Re: [Asrg] Some data on the validity of MAIL FROM… Vernon Schryver
- Re: [Asrg] Some data on the validity of MAIL FROM… Vernon Schryver
- Re: [Asrg] Some data on the validity of MAIL FROM… Yakov Shafranovich
- Re: [Asrg] Some data on the validity of MAIL FROM… Kee Hinckley
- Re: [Asrg] Some data on the validity of MAIL FROM… Kee Hinckley
- Re: [Asrg] Some data on the validity of MAIL FROM… Michael Rubel
- Re: [Asrg] Some data on the validity of MAIL FROM… Vernon Schryver
- Re: [Asrg] Some data on the validity of MAIL FROM… Yakov Shafranovich
- Re: [Asrg] Some data on the validity of MAIL FROM… Scott Nelson
- Re: [Asrg] Some data on the validity of MAIL FROM… Vernon Schryver
- Re: [Asrg] Some data on the validity of MAIL FROM… Michael Rubel
- Re: [Asrg] Some data on the validity of MAIL FROM… Kee Hinckley
- Re: [Asrg] Some data on the validity of MAIL FROM… Kee Hinckley
- Re: [Asrg] Some data on the validity of MAIL FROM… Vernon Schryver
- Re: [Asrg] Some data on the validity of MAIL FROM… Dave Crocker
- Re: [Asrg] Some data on the validity of MAIL FROM… Jon Kyme
- Re: [Asrg] Some data on the validity of MAIL FROM… Jon Kyme
- Re: [Asrg] Some data on the validity of MAIL FROM… Alan DeKok
- Re: [Asrg] Some data on the validity of MAIL FROM… Alan DeKok
- Re: [Asrg] Some data on the validity of MAIL FROM… Alan DeKok
- Re: [Asrg] Some data on the validity of MAIL FROM… Kee Hinckley
- Re: [Asrg] Some data on the validity of MAIL FROM… Kee Hinckley
- Re: [Asrg] Some data on the validity of MAIL FROM… Kee Hinckley
- Re: [Asrg] Some data on the validity of MAIL FROM… Vernon Schryver
- Re: [Asrg] Some data on the validity of MAIL FROM… Vernon Schryver
- RE: [Asrg] Some data on the validity of MAIL FROM… Hallam-Baker, Phillip
- RE: [Asrg] Some data on the validity of MAIL FROM… Vernon Schryver
- RE: [Asrg] Some data on the validity of MAIL FROM… Eric Dean
- RE: [Asrg] Some data on the validity of MAIL FROM… Eric Dean
- RE: [Asrg] Some data on the validity of MAIL FROM… Barry Shein
- RE: [Asrg] Some data on the validity of MAIL FROM… Vernon Schryver
- RE: [Asrg] Some data on the validity of MAIL FROM… Kee Hinckley
- RE: [Asrg] Some data on the validity of MAIL FROM… Eric Dean
- Re: [Asrg] Some data on the validity of MAIL FROM… Jon Kyme
- RE: [Asrg] Some data on the validity of MAIL FROM… Eric Dean
- RE: [Asrg] Some data on the validity of MAIL FROM… Eric Dean
- Re: RE: [Asrg] Some data on the validity of MAIL … Jon Kyme
- RE: RE: [Asrg] Some data on the validity of MAIL … Eric Dean
- Re: RE: [Asrg] Some data on the validity of MAIL … Jon Kyme
- Re: [Asrg] Some data on the validity of MAIL FROM… Yakov Shafranovich
- Re: RE: [Asrg] Some data on the validity of MAIL … Kee Hinckley
- Re: [Asrg] Some data on the validity of MAIL FROM… Michael Rubel
- RE: [Asrg] Some data on the validity of MAIL FROM… Tom Thomson
- Re: RE: [Asrg] Some data on the validity of MAIL … Jon Kyme
- Re: [Asrg] Some data on the validity of MAIL FROM… Jon Kyme
- Re: [Asrg] Some data on the validity of MAIL FROM… Michael Rubel
- Re: [Asrg] Some data on the validity of MAIL FROM… Daniel Feenberg
- Re: [Asrg] Some data on the validity of MAIL FROM… Michael Rubel
- Re: [Asrg] Some data on the validity of MAIL FROM… Vernon Schryver
- Re: [Asrg] Some data on the validity of MAIL FROM… Yakov Shafranovich
- Re: [Asrg] Some data on the validity of MAIL FROM… Michael Rubel
- Re: [Asrg] Some data on the validity of MAIL FROM… Vernon Schryver
- Re: [Asrg] Some data on the validity of MAIL FROM… Kee Hinckley
- RE: [Asrg] Some data on the validity of MAIL FROM… Eric D. Williams
- RE: [Asrg] Some data on the validity of MAIL FROM… Eric D. Williams
- RE: [Asrg] Some data on the validity of MAIL FROM… Eric D. Williams
- RE: [Asrg] Some data on the validity of MAIL FROM… Eric D. Williams
- RE: [Asrg] Some data on the validity of MAIL FROM… Eric D. Williams
- Re: [Asrg] Some data on the validity of MAIL FROM… Vernon Schryver
- RE: [Asrg] Some data on the validity of MAIL FROM… Vernon Schryver
- Re: [Asrg] Some data on the validity of MAIL FROM… Jon Kyme
- Re: [Asrg] Some data on the validity of MAIL FROM… Jon Kyme
- Re: [Asrg] Some data on the validity of MAIL FROM… Richard Rognlie
- RE: [Asrg] Some data on the validity of MAIL FROM… Clayton, Nik [IT]
- Re: RE: [Asrg] Some data on the validity of MAIL … Jon Kyme
- Re: RE: [Asrg] Some data on the validity of MAIL … Jon Kyme
- RE: RE: [Asrg] Some data on the validity of MAIL … Clayton, Nik [IT]
- RE: RE: [Asrg] Some data on the validity of MAIL … Clayton, Nik [IT]
- Re: [Asrg] Some data on the validity of MAIL FROM… Kee Hinckley
- Re: RE: RE: [Asrg] Some data on the validity of M… Jon Kyme
- Re: [Asrg] Some data on the validity of MAIL FROM… Vernon Schryver
- Re: [Asrg] Some data on the validity of MAIL FROM… Jon Kyme
- RE: [Asrg] Some data on the validity of MAIL FROM… Tom Thomson
- RE: [Asrg] Some data on the validity of MAIL FROM… Yakov Shafranovich
- Re: [Asrg] Some data on the validity of MAIL FROM… mathew
- Re: [Asrg] Some data on the validity of MAIL FROM… Yakov Shafranovich
- RE: [Asrg] Some data on the validity of MAIL FROM… Eric D. Williams
- RE: [Asrg] Some data on the validity of MAIL FROM… Eric D. Williams
- RE: [Asrg] Some data on the validity of MAIL FROM… Barry Shein
- Re: [Asrg] Some data on the validity of MAIL FROM… Barry Shein
- Re: [Asrg] Some data on the validity of MAIL FROM… wayne
- Re: [Asrg] Some data on the validity of MAIL FROM… Vernon Schryver
- Re: [Asrg] Some data on the validity of MAIL FROM… Yakov Shafranovich
- RE: [Asrg] Some data on the validity of MAIL FROM… Kee Hinckley
- Re: [Asrg] Some data on the validity of MAIL FROM… Kee Hinckley
- Re: [Asrg] Some data on the validity of MAIL FROM… Markus Stumpf
- Re: [Asrg] Some data on the validity of MAIL FROM… Chris Lewis