[Asrg] Too Big to Block?

John Leslie <john@jlc.net> Wed, 08 July 2009 15:57 UTC

Return-Path: <john@jlc.net>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 124D13A69B8 for <asrg@core3.amsl.com>; Wed, 8 Jul 2009 08:57:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.311
X-Spam-Status: No, score=-6.311 tagged_above=-999 required=5 tests=[AWL=0.288, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id cu6IdlcDa6sx for <asrg@core3.amsl.com>; Wed, 8 Jul 2009 08:57:02 -0700 (PDT)
Received: from mailhost.jlc.net (mailhost.jlc.net []) by core3.amsl.com (Postfix) with ESMTP id 5AA403A6AAA for <asrg@irtf.org>; Wed, 8 Jul 2009 08:57:02 -0700 (PDT)
Received: by mailhost.jlc.net (Postfix, from userid 104) id 998C833C26; Wed, 8 Jul 2009 11:57:04 -0400 (EDT)
Date: Wed, 8 Jul 2009 11:57:04 -0400
From: John Leslie <john@jlc.net>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Message-ID: <20090708155704.GN15652@verdi>
References: <20090623213728.1825.qmail@simone.iecc.com> <4A41D773.50508@telmon.org> <4A41E506.2010106@mines-paristech.fr> <20090624160052.B5DC62428A@panix5.panix.com> <4A426B9D.7090901@mines-paristech.fr> <4A43618A.6000205@tana.it> <4A4F7DD0.4040404@billmail.scconsult.com> <4A51D35E.70306@tana.it> <4A52C36D.6040207@billmail.scconsult.com> <20090708141747.GA2822@gsp.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20090708141747.GA2822@gsp.org>
User-Agent: Mutt/1.4.1i
Subject: [Asrg] Too Big to Block?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jul 2009 15:57:07 -0000

Rich Kulawiec <rsk@gsp.org> wrote:
> On Mon, Jul 06, 2009 at 11:39:25PM -0400, Bill Cole wrote:
>> Large cheap and free mail providers understand the advantage they get 
>> from their scale in not needing to do as well with egress filtering as 
>> smaller mixed sources of mail. There is very little risk to them of 
>> missing 95% of their outbound spam, as long as they never drop legitimate 
>> outbound mail and keep their outbound legitimate mail volume large enough 
>> that it is hard for many sites to treat their mail as presumptive spam.

   This is true, but still there is in practice a _large_ variation in
percentage of spam spewed by the "large" email providers.

> And this in a nutshell is why so many "accountability" proposals,
> while curious/interesting academic exercises, are dead-on-arrival in
> the real world: these providers are TBTB (too big to block),

   "Blocking" the whole "domain" is not the only trick in our bag...

> they know it, and so no matter how many different technologies are
> deployed which repeatedly tell us what we've already known for years
> (e.g. "Hotmail sends enormous quantities of spam") nothing useful will
> happen as a result -- until/unless widespread refusal of traffic comes
> into play.

   "Hotmail sends enormous quantities of spam" isn't a very useful
factlet. Nonetheless, it does allow some email receivers to at least
graylist some Hotmail servers if the envelope-from isn't on a whitelist.

   More useful is something like, "Hotmail MTA #49 is sending more spam
than usual right now: more severe graylisting might be called for."

   Or, your reputation service might say, "We're concentrating our
pressure on Hotmail MTA #49 right now: please give it a hard time."

   The introduction of reputation services creates options for getting
the attention of the folks who maintain the MTAs of the large email

   If we insist on a world without reputation services (or ePostage),
Rich is correct that only "large" email receivers will be able to make a
dent in the practices of "large" email senders.


John Leslie <john@jlc.net>