Re: [Asrg] An Anti-Spam Heuristic

Barry Shein <bzs@world.std.com> Thu, 13 December 2012 22:53 UTC

On December 13, 2012 at 09:21 mike@mtcc.com (Michael Thomas) wrote:
 > On 12/13/2012 09:16 AM, Barry Shein wrote:
 > > There's also Jef Poskanzer's greymilter which basically requires one
 > > re-send from each never before seen mail server not in a white list.
 > >
 > > And sendmail (and others') HELO delay (delay sending HELO a short
 > > period of time) and don't speak until you're spoken to whatever they
 > > call it (I use it, the sender must wait for the SMTP responses, can't
 > > just dump an SMTP conversation at you.)
 > >
 > > They're basically isomorphic to hashcash type solutions, increase the
 > > sender's cost, but very transparent and quite clever because of that.
 > >
 > Given botnets, anything that tries to shift burden back onto the
 > sender is not very likely to be effective in the long run. Yes, you
 > might get some short term relief, but the firehose is just a software
 > update away.

Has this been measured (reference)? Or is this just one of those
"truisms" that kick around here?

I'm thinking that a spammer has to put out on the order of a billion
messages (attempts) per day to be interesting.

If you slowed those down that would be a blow to them, a billion times
even a little is a lot.

Sure, we can postulate infinite botted systems I suppose.

But that's still just a wild guess.

I'm not arguing for hashcash per se, I think it has other problems,
but I also wonder if this counter-claim is really true.

Or, put better, can we quantify it?


-- 
        -Barry Shein

The World              | bzs@TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*
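
The "don't speak until you're spoken to" check quoted above (sendmail's greet_pause feature), sketched as an added example that is not part of the original message or of any mail server's code. The pause length, hostname, reply texts and the `greet`/`demo` names are constructed for the demonstration.

```python
import select
import socket
import time

GREET_PAUSE = 0.2  # seconds; assumed demo value, real deployments use several seconds


def greet(conn, pause=GREET_PAUSE):
    """Hold the 220 banner for `pause` seconds before greeting.

    Returns True (banner sent) if the client stayed silent during the pause,
    False (554 sent) if it pushed data before being greeted.
    """
    readable, _, _ = select.select([conn], [], [], pause)
    if readable:
        conn.recv(512)  # drain what the early talker pipelined at us
        conn.sendall(b"554 5.7.1 spoke before greeting\r\n")  # constructed reply text
        return False
    conn.sendall(b"220 mx.example.test ESMTP\r\n")  # constructed hostname
    return True


def demo():
    """Run one polite and one early-talking client over local socket pairs."""
    results = {}

    # Polite client: connects and waits for the banner, so it pays the full pause.
    srv, cli = socket.socketpair()
    start = time.monotonic()
    accepted = greet(srv)
    results["polite"] = (accepted, cli.recv(512), time.monotonic() - start)
    srv.close()
    cli.close()

    # Early talker: dumps the SMTP conversation without reading the banner.
    srv, cli = socket.socketpair()
    cli.sendall(b"HELO bot.example.test\r\nMAIL FROM:<a@example.test>\r\n")
    start = time.monotonic()
    accepted = greet(srv)
    results["early"] = (accepted, cli.recv(512), time.monotonic() - start)
    srv.close()
    cli.close()
    return results


if __name__ == "__main__":
    for name, (ok, reply, secs) in demo().items():
        print(f"{name}: accepted={ok} reply={reply!r} waited={secs:.2f}s")
```

A compliant sender pays the pause on every connection, which is the per-message cost the thread is arguing about; a sender that skips the wait is rejected outright.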