Re: [Asrg] An Anti-Spam Heuristic

Seth <sethb@panix.com> Thu, 13 December 2012 20:59 UTC

From: Seth <sethb@panix.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
In-reply-to: <20682.3413.665708.640636@world.std.com> (message from Barry Shein on Thu, 13 Dec 2012 12:16:05 -0500)
References: <SNT002-W143FB9A867C92FA80D90E04C54E0@phx.gbl> <DA14FA4D-13CB-4C61-90C4-4E690F0EC745@blighty.com> <SNT002-W1393526B62C0940EF697B2C54E0@phx.gbl> <20682.3413.665708.640636@world.std.com>
Message-Id: <20121213205940.735FE24248@panix5.panix.com>
Date: Thu, 13 Dec 2012 15:59:40 -0500 (EST)
Subject: Re: [Asrg] An Anti-Spam Heuristic

Barry Shein <bzs@world.std.com> wrote:

> There's also Jef Poskanzer's greymilter which basically requires one
> re-send from each never before seen mail server not in a white list.
>
> And sendmail (and others') HELO delay (delay sending HELO a short
> period of time) and don't speak until you're spoken to whatever they
> call it (I use it, the sender must wait for the SMTP responses, can't
> just dump an SMTP conversation at you.)
>
> They're basically isomorphic to hashcash type solutions, increase the
> sender's cost, but very transparent and quite clever because of that.

They have nothing to do with increasing the sender's cost.  Rather,
they take advantage of the fact that legitimate mailers implement the
RFCs in ways that spamware typically doesn't, so they test for that
and spamware flunks.

Seth
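
The two behaviours discussed in this thread, as an added sketch that is not part of the message above and is not greymilter's or sendmail's code: a greylist that temp-fails the first attempt from an unseen server, and a check for a client that talks before the greeting. The names `Greylist` and `is_early_talker`, the 300-second retry window, and the injectable clock are assumptions made for illustration.

```python
import time


class Greylist:
    """Temp-fail the first attempt from an unseen server; accept a later retry."""

    def __init__(self, whitelist=(), min_retry=300, now=time.time):
        self.whitelist = set(whitelist)  # servers that are never delayed
        self.min_retry = min_retry       # seconds a retry must wait (assumed value)
        self.first_seen = {}             # server IP -> time of its first attempt
        self.passed = set()              # servers that have already retried correctly
        self.now = now                   # injectable clock, so the logic can be tested

    def check(self, server_ip):
        """Return the SMTP reply code to give this delivery attempt."""
        if server_ip in self.whitelist or server_ip in self.passed:
            return 250
        t = self.now()
        first = self.first_seen.setdefault(server_ip, t)
        if t - first >= self.min_retry:
            # The sender queued the message and came back: RFC-conformant behaviour.
            self.passed.add(server_ip)
            return 250
        # Transient failure. A conforming MTA retries later; software that
        # never retries simply does not get the message delivered.
        return 451


def is_early_talker(banner_sent_at, client_first_bytes_at):
    """True if the client sent data before the server's 220 greeting.

    A conforming SMTP client waits for the greeting before speaking.
    client_first_bytes_at is None when the client never sent anything.
    """
    return client_first_bytes_at is not None and client_first_bytes_at < banner_sent_at


if __name__ == "__main__":
    # Constructed scenario using documentation-range addresses and a fake clock.
    clock = [0.0]
    g = Greylist(whitelist={"192.0.2.10"}, now=lambda: clock[0])
    print(g.check("198.51.100.7"))   # first attempt from an unseen server
    clock[0] = 400.0
    print(g.check("198.51.100.7"))   # retry after the window
    print(is_early_talker(banner_sent_at=5.0, client_first_bytes_at=1.2))
```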