Re: [Asrg] Spam detection system proposal
"David F. Skoll" <dfs@roaringpenguin.com> Wed, 05 March 2003 19:42 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA24556 for <asrg-archive@odin.ietf.org>; Wed, 5 Mar 2003 14:42:44 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h25JrNL14008 for asrg-archive@odin.ietf.org; Wed, 5 Mar 2003 14:53:23 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h25JrNO14005 for <asrg-web-archive@optimus.ietf.org>; Wed, 5 Mar 2003 14:53:23 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA24539 for <asrg-web-archive@ietf.org>; Wed, 5 Mar 2003 14:42:12 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h25Jo0O13786; Wed, 5 Mar 2003 14:50:00 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h25JnGO13699 for <asrg@optimus.ietf.org>; Wed, 5 Mar 2003 14:49:16 -0500
Received: from ottawa-hs-209-217-122-117.s-ip.magma.ca (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA24313 for <asrg@ietf.org>; Wed, 5 Mar 2003 14:38:06 -0500 (EST)
Received: from shishi.roaringpenguin.com (shishi.roaringpenguin.com [192.168.2.3]) by shevy.roaringpenguin.com (8.12.8/8.12.8) with ESMTP id h25Je3BD031661 for <asrg@ietf.org>; Wed, 5 Mar 2003 14:40:03 -0500
From: "David F. Skoll" <dfs@roaringpenguin.com>
To: asrg@ietf.org
Subject: Re: [Asrg] Spam detection system proposal
In-Reply-To: <20030305193102.GS14655@main.templetons.com>
Message-ID: <Pine.LNX.4.53.0303051434200.4869@shishi.roaringpenguin.com>
References: <Pine.LNX.4.53.0303050925440.2189@shishi.roaringpenguin.com> <200303051523.h25FNx7p019253@calcite.rhyolite.com> <Pine.LNX.4.53.0303051038360.2189@shishi.roaringpenguin.com> <20030305193102.GS14655@main.templetons.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Wed, 05 Mar 2003 14:40:03 -0500
On Wed, 5 Mar 2003, Brad Templeton wrote: > The real world doesn't usually do security with physical security. > It punishes after the fact and uses that as deterrence. Right. But you need a way to detect the problem before you can punish it. A distributed mechanism for detecting anomalous SMTP behavior is like an alarm sytem. And alarm systems are pretty common in the real world. > Very few of the world's low level security problems are solved by > putting up a clever high fence. You notice that there is nobody > checking your bags as you leave the Sears store. It depends where in the world you live. :-) Lots of stores I've been in demand you leave parcels at the front, and if you walk through with a bag, you will be searched. In North America, this isn't so common, of course. > The number of bad addresses is another test, but not nearly so > reliable. Well, isn't it? I don't know, and I don't think you know either. Some posters have complained how their systems are stressed from bounce messages during spam attacks. This suggests to me that a large number of invalid addresses is a good indicator of a spam attack. Unfortunately, it's not necessarily the case that a spam attack always yields a large number of bad addresses; there probably are spammers out there who keep their lists clean. > In the end, though, if we can get most of the legit bulk mailers to > do something -- anything -- to let us know they are accountable for > abuse, I think we can lick this thing. That would help, but it requires buy-in from a lot of different groups with a lot of different vested interests. And I'm not sure that non-technical solutions fall within the charter of the IETF, although it certainly should consider them and recommend them to legislators. I don't advocate distributed statistics-gathering and analysis as a panacea. But I do believe it could be one more effective detection tool in our arsenal. -- David. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Keith Moore
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Matt Sergeant
- Re: [Asrg] Spam detection system proposal Jacqui Caren
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Mathias Herberts
- Re: [Asrg] Spam detection system proposal Keith Moore
- Re: [Asrg] Spam detection system proposal Keith Moore
- Re: [Asrg] Spam detection system proposal Matt Sergeant
- Re: [Asrg] Spam detection system proposal Keith Moore
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Keith Moore
- Re: [Asrg] Spam detection system proposal Keith Moore
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Vernon Schryver
- Re: [Asrg] Spam detection system proposal Jim Youll
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Keith Moore
- Re: [Asrg] Spam detection system proposal Chris Lewis
- Re: [Asrg] Spam detection system proposal Jim Youll
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Keith Moore
- Re: [Asrg] Spam detection system proposal Vernon Schryver
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Chris Lewis
- Re: [Asrg] Spam detection system proposal Keith Moore
- Re: [Asrg] Spam detection system proposal Chris Lewis
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Keith Moore
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Keith Moore
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Keith Moore
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Jim Youll
- Re: [Asrg] Spam detection system proposal Keith Moore
- Re: [Asrg] Spam detection system proposal Chris Lewis
- Re: [Asrg] Spam detection system proposal Keith Moore
- Re: [Asrg] Spam detection system proposal Vernon Schryver
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Keith Moore
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Chris Lewis
- Re: [Asrg] Spam detection system proposal Vernon Schryver
- Re: [Asrg] Spam detection system proposal Keith Moore
- Re: [Asrg] Spam detection system proposal Vernon Schryver
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Chris Lewis
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Mark Delany
- Re: [Asrg] Spam detection system proposal Chris Lewis
- Re: [Asrg] Spam detection system proposal Kee Hinckley
- Re: [Asrg] Spam detection system proposal Kee Hinckley
- Re: [Asrg] Spam detection system proposal Daniel Feenberg
- Re: [Asrg] Spam detection system proposal Matt Sergeant
- Re: [Asrg] Spam detection system proposal Kee Hinckley
- Re: [Asrg] Spam detection system proposal Mark Delany
- Re: [Asrg] Spam detection system proposal Chris Lewis
- Re: [Asrg] Spam detection system proposal Chris Lewis
- Re: [Asrg] Spam detection system proposal Brad Templeton
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Deven T. Corzine
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Vernon Schryver
- Re: [Asrg] Spam detection system proposal Deven T. Corzine
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal David F. Skoll
- Re: [Asrg] Spam detection system proposal Chris Lewis
- Re: [Asrg] Spam detection system proposal Nate W
- Re: [Asrg] Spam detection system proposal David F. Skoll
- RE: [Asrg] Spam detection system proposal Sauer, Damon
- RE: [Asrg] Spam detection system proposal David F. Skoll
- RE: [Asrg] Spam detection system proposal Sauer, Damon
- Re: [Asrg] Spam detection system proposal Kee Hinckley
- Re: [Asrg] Spam detection system proposal Alan DeKok
- Re: [Asrg] Spam detection system proposal Mark Delany
- Re: [Asrg] Spam detection system proposal Chris Lewis