Re: [Asrg] An Anti-Spam Heuristic
Alessandro Vesely <vesely@tana.it> Sun, 16 December 2012 11:50 UTC
Return-Path: <vesely@tana.it>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B151721F84F0 for <asrg@ietfa.amsl.com>; Sun, 16 Dec 2012 03:50:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.719
X-Spam-Level:
X-Spam-Status: No, score=-4.719 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ugUid0l3WLqK for <asrg@ietfa.amsl.com>; Sun, 16 Dec 2012 03:50:55 -0800 (PST)
Received: from wmail.tana.it (mail.tana.it [62.94.243.226]) by ietfa.amsl.com (Postfix) with ESMTP id AF6AA21F84DC for <asrg@irtf.org>; Sun, 16 Dec 2012 03:50:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=beta; t=1355658653; bh=cL52iwitghMaZfrvEGMLkBLUiS2q/99tQBFsAHaGh0g=; l=1127; h=Date:From:To:References:In-Reply-To; b=RIp7/y7tTKo38WhWbkZhQqgrxsZFmhhJufe0GTCoaMwFicPGE/CTclM/wsLDPsHzZ SBIn05wlmePxnvzIHqniwuy7/0ZZFCukLTaKkO41+ZcSQ3x4OCU2BBOBWjPjQl/0IU dXRumpgx5Al11BXCxmQjbbRzAGkHvWpwooGwoPfw=
Received: from [172.25.197.158] (pcale.tana [172.25.197.158]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLSv1/SSLv3,256bits,AES256-SHA) by wmail.tana.it with ESMTPSA; Sun, 16 Dec 2012 12:50:53 +0100 id 00000000005DC02B.0000000050CDB59D.00007EC9
Message-ID: <50CDB59D.1040403@tana.it>
Date: Sun, 16 Dec 2012 12:50:53 +0100
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: asrg@irtf.org
References: <SNT002-W143FB9A867C92FA80D90E04C54E0@phx.gbl> <DA14FA4D-13CB-4C61-90C4-4E690F0EC745@blighty.com> <SNT002-W1393526B62C0940EF697B2C54E0@phx.gbl> <20682.3413.665708.640636@world.std.com> <50CA0E91.2080304@mtcc.com> <20682.23612.451287.246798@world.std.com> <E26A6D4F-FC05-45B9-80F0-9E6F8A6A9713@blighty.com> <20682.31889.485606.165715@world.std.com> <50CAAD79.8040008@mustelids.ca>
In-Reply-To: <50CAAD79.8040008@mustelids.ca>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] An Anti-Spam Heuristic
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Dec 2012 11:50:56 -0000
On Fri 14/Dec/2012 05:39:21 +0100 Chris Lewis wrote: > Ooh, quantitative ;-) > > For grins, I took one of my smaller spamtraps and applied a 30 second > banner delay. I wanted to quantify > > "And a lot of spamware doesn't flunk." > > In the timestamps below, the change happened at 04:52. > > Flow per minute: > [snip] > 156 2012/12/14-04:51 > 30 2012/12/14-04:52 > > A 3:1 spam reduction is nothing to sneeze at. You need at least 15 daemons accepting 2 msgs/minute each to get 30 messages, while at, say, 60 msgs/minute 3 daemons can take 180. > Oh, as a FYI, relatively few connections failed to wait for the banner. Can you confirm the max-daemons limit wasn't hit? A deadly slow TCP backlog could cause clients to timeout. In that case, banner delay would work similar to random connection dropping as done, e.g. by stockade (see http://en.wikipedia.org/wiki/Stockade_%28software%29.) On a real MX, rather than being fixed at 30 seconds, the banner delay should be made proportional to the spammitude reckoned for the sending IP. Sort of tarpitting, perhaps not the FUSSP itself, but...
- [Asrg] An Anti-Spam Heuristic Adam Sobieski
- Re: [Asrg] An Anti-Spam Heuristic Steve Atkins
- Re: [Asrg] An Anti-Spam Heuristic Barry Shein
- Re: [Asrg] An Anti-Spam Heuristic John Levine
- Re: [Asrg] An Anti-Spam Heuristic Adam Sobieski
- Re: [Asrg] An Anti-Spam Heuristic John Levine
- [Asrg] The Real Problem (was: An Anti-Spam Heuris… Andrew Sullivan
- Re: [Asrg] An Anti-Spam Heuristic Rich Kulawiec
- Re: [Asrg] An Anti-Spam Heuristic Bill Cole
- Re: [Asrg] An Anti-Spam Heuristic Bart Schaefer
- Re: [Asrg] The Real Problem Chris Lewis
- Re: [Asrg] The Real Problem Alessandro Vesely
- Re: [Asrg] An Anti-Spam Heuristic Barry Shein
- Re: [Asrg] An Anti-Spam Heuristic Michael Thomas
- Re: [Asrg] The Real Problem (was: An Anti-Spam He… Barry Shein
- Re: [Asrg] An Anti-Spam Heuristic Barry Shein
- Re: [Asrg] An Anti-Spam Heuristic John Leslie
- Re: [Asrg] An Anti-Spam Heuristic Seth
- Re: [Asrg] An Anti-Spam Heuristic Steve Atkins
- Re: [Asrg] An Anti-Spam Heuristic Barry Shein
- Re: [Asrg] An Anti-Spam Heuristic Steve Atkins
- Re: [Asrg] An Anti-Spam Heuristic Barry Shein
- Re: [Asrg] An Anti-Spam Heuristic Barry Shein
- Re: [Asrg] An Anti-Spam Heuristic Chris Lewis
- Re: [Asrg] An Anti-Spam Heuristic Barry Shein
- Re: [Asrg] An Anti-Spam Heuristic Michael Thomas
- Re: [Asrg] An Anti-Spam Heuristic Chris Lewis
- Re: [Asrg] An Anti-Spam Heuristic Chris Lewis
- [Asrg] Countering Botnets to Reduce Spam Adam Sobieski
- Re: [Asrg] Countering Botnets to Reduce Spam Chris Lewis
- Re: [Asrg] An Anti-Spam Heuristic Martijn Grooten
- Re: [Asrg] An Anti-Spam Heuristic Adam Sobieski
- Re: [Asrg] Countering Botnets to Reduce Spam Rich Kulawiec
- Re: [Asrg] Countering Botnets to Reduce Spam Adam Sobieski
- Re: [Asrg] Countering Botnets to Reduce Spam Chris Lewis
- Re: [Asrg] Countering Botnets to Reduce Spam Rich Kulawiec
- Re: [Asrg] An Anti-Spam Heuristic John Levine
- Re: [Asrg] An Anti-Spam Heuristic John Levine
- Re: [Asrg] Countering Botnets to Reduce Spam John Levine
- Re: [Asrg] An Anti-Spam Heuristic Chris Lewis
- Re: [Asrg] Countering Botnets to Reduce Spam Chris Lewis
- Re: [Asrg] Countering Botnets to Reduce Spam Chris Lewis
- Re: [Asrg] Countering Botnets to Reduce Spam Barry Shein
- Re: [Asrg] Countering Botnets to Reduce Spam Chris Lewis
- Re: [Asrg] An Anti-Spam Heuristic Alessandro Vesely
- Re: [Asrg] An Anti-Spam Heuristic Chris Lewis