"Spammers tax DNS infrastructures"
John Navas
Spammers are straining the world's Domain Name System (DNS)
infrastructure. eWeek reports that emerging tactics - such as sending
bulk mailings at night from very-recently registered domains - are
placing a heavy load on DNS servers attempting to look-up
non-existent domains.
Bulk mailers are adopting the 'registration after sending' ruse to
make it more difficult for spam fighters to track junk mail attacks.
But the side effects include widespread message congestion. The
shutdown of domains by spammers shortly after a bulk mailout has been
sent out can also tax DNS servers trying to resolve defunct domains.
Sysadmins can do little except provision extra capacity. Solving the
problem might require a fundamental rethink of current internet
architectures.
[MORE]
Steve Pope
contributing to the cycle of escalating tactics that
server to overload the system.
If spammers were simply permitted to send all the email
they liked, then most of these types of problem, including
this one specifically, would go away entirely.
Steve
Catherine Hampton
wrote:
>If spammers were simply permitted to send all the email
>they liked, then most of these types of problem, including
>this one specifically, would go away entirely.
Yeah. Instead, we'd have other problems, like mail servers dying under the load
of incoming unsolicited and unwanted bulk email, and users giving up in disgust
when retrieving email from their servers took from a few minutes to a half hour
(for dial-up users). Those users that persisted would be faced with another
delay while they ran local spam filters on several hundred messages, or with a
mailbox in which a few wanted emails were hidden in a few hundred pieces of
unwanted junk.
Your "solution" would be disastrous, and probably would destroy email as a
viable tool for most people. :/
--
Catherine Hampton <ar...@spambouncer.org>
Home Page * <http://www.devsite.org/>
The SpamBouncer * <http://www.spambouncer.org/>
(Please use this address for replies -- the address in my header is a
spam trap.)
Steve Pope
>spo...@speedymail.org (Steve Pope) writes:
>> This is a good example of how self-styled spamfighters are
>> contributing to the cycle of escalating tactics that
>> serve to overload the system.
>> If spammers were simply permitted to send all the email
>> they liked, then most of these types of problem, including
>> this one specifically, would go away entirely.
>Huh?
If this isn't self-explanatory, I'm not sure where to begin.
S.
Steve Pope
> spo...@speedymail.org (Steve Pope) wrote:
>>If spammers were simply permitted to send all the email
>>they liked, then most of these types of problem, including
>>this one specifically, would go away entirely.
> Yeah. Instead, we'd have other problems, like mail servers
> dying under the load of incoming unsolicited and unwanted
> bulk email, and users giving up in disgust when retrieving
> email from their servers took from a few minutes to a half hour
> (for dial-up users). Those users that persisted would be faced
> with another delay while they ran local spam filters on several
> hundred messages, or with a mailbox in which a few wanted emails
> were hidden in a few hundred pieces of unwanted junk.
> Your "solution" would be disastrous, and probably would
> destroy email as a viable tool for most people. :/
Can you substantiate any of this? It doesn't correspond to
most knowledge on the suject.
Steve
John R Pierce
my personal mail server filters around 100 spams an hour now. I use a
combination of reverse DNS lookups, RBL, and content based (spamassassin)
filtering to score it. I quarantine most of the spam (except the highest
scoring 50% gets tossed right out) and I still don't have enough time to
carefully inspect my quarentine lists before plonking the mess.
anything that would increase spam volumes would be a VERY BAD THING.
Graham Freeman
> Can you substantiate any of this? It doesn't correspond to most
> knowledge on the suject.
Do you currently, or have you in the last two years, run an
internet-connected email server providing service to at least a dozen
individual humans?
I do, and have since 1999, and I don't agree with you on this particular
issue.
-Graham
Steve Pope
>On Tue, 11 Jan 2005, Steve Pope wrote:
>> Can you substantiate any of this? It doesn't correspond to most
>> knowledge on the suject.
>Do you currently, or have you in the last two years, run an
>internet-connected email server providing service to at least a dozen
>individual humans?
No I haven't.
> I do, and have since 1999, and I don't agree with you on this
> particular issue.
Here is my understanding:
(1) Spam-fighting measures have not reduced the volume of spam.
They have however led to more extreme measures by spammers, including
hijacking user's PC's and various forms of forgeries,
all of which lead to a reduction in service for users,
including the DNS problem that led to this thread.
(2) Spam comprises 75% of email; however email is only about
5% of the load on the network, and 5% or less of the processing
and storage capacities of most sites.
Combining these facts, we would all be better off to leave the
spam alone until it reaches the end-user level, and filter
it there.
What's your argument to the contrary, other than that "you
disagree"?
Steve
John Navas
In <nib6u05a89u8m9qjp...@news.lmi.net> on Mon, 10 Jan 2005
My personal mail filter has been simply Bayesian classification (with no use
of DNS), and is 99+% accurate, better in my experience than the combination of
DNS + RBL + SpamAssassin.
--
Best regards,
John Navas <http://navasgrp.home.att.net/>
CABLE MODEM/DSL GUIDE: <http://Cable-DSL.home.att.net/>
John Navas
In <DsCEd.1166$m31....@typhoon.sonic.net> on Mon, 10 Jan 2005 21:29:07 GMT,
John Navas <spamf...@navasgroup.com> wrote:
>[SNIP]
Excerpts from <http://www.eweek.com/article2/0,1759,1749328,00.asp>:
"Anti-spam systems have become heavily dependent on DNS for looking
at all kinds of blacklists, looking at headers, all of that," said
Paul Judge, a well-known anti-spam expert and chief technology
officer at CipherTrust Inc., a mail security vendor based in Atlanta.
"I've seen systems that have to do as many as 30 DNS calls on each
message. Even in large enterprises, it's becoming very common to see
a large spam load cripple the DNS infrastructure."
"We've had to reset our architecture to make nine DNS look-ups, which
is an insane amount. And we've bought a bunch of workstations and
small servers to use as redundant DNS servers because of the load,"
said Bill Franklin, president of Zero Spam Network Corp., an
anti-spam hosting provider based in Coral Gables, Fla. "The DNS
system is a good warning indicator."
"We have to figure out how to taper DNS services gracefully rather
than having catastrophic failures," said Paul Mockapetris, the author
of the first DNS implementation and chief scientist at Nominum Inc.,
based in Redwood City, Calif. "Mail look-up was the first application
put on top of DNS after I designed it, and I was so excited to see
that. And now, 20 years later, people are trying to figure out how to
stop doing mail look-up on DNS. It's bizarre."
ab...@mix.com
but evidently some crappy UK publication said -
> > Spammers are straining the world's Domain Name System (DNS)
> > infrastructure.
This is utter bullshit. In fact I wish some of them WOULD do some
lookups at least now and then...
Billy Y..
John Higdon
spo...@speedymail.org (Steve Pope) wrote:
> (1) Spam-fighting measures have not reduced the volume of spam.
Huh? Spam-fighting measures are designed to reduce the volume of spam to
the recipients on the receiving side of the system, not reduce spam
globally. Are you saying that spam-fighting measures are completely
ineffective? Mr. Navas claims "99+% accuracy" for his own measures...and
I have no reason to doubt that.
> They have however led to more extreme measures by spammers, including
> hijacking user's PC's and various forms of forgeries,
> all of which lead to a reduction in service for users,
> including the DNS problem that led to this thread.
I'm not sure I buy into the alarm concerning DNS load (I've been running
DNS servers for hundreds of domains in "anti-spam service" for over
fifteen years without difficulty), that aside, are you saying that we
need to knuckle under to spammers because if we don't they will do mean
and nasty things?
> (2) Spam comprises 75% of email; however email is only about
> 5% of the load on the network, and 5% or less of the processing
> and storage capacities of most sites.
Load on what network? That's a pretty general statement that doesn't
mean much.
> Combining these facts, we would all be better off to leave the
> spam alone until it reaches the end-user level, and filter
> it there.
In some cases, maybe. In others, no. There is no one-size-fits-all.
> What's your argument to the contrary, other than that "you
> disagree"?
The first thing I noticed when lifting all anti-spam measures (just for
fun) is that my mail spool space requirement trebled. And then, the
complant emails started up. I ended the experiment before any real
trouble started. I couldn't see any upside in ceasing to use anti-spam
measures.
--
John Higdon | Email Address Valid | SF: +1 415 428-COWS
+1 408 264 4115 | San Jose, CA |
Kevin McMurtrie
Kevin McMurtrie
John Navas <spamf...@navasgroup.com> wrote:
> [POSTED TO ba.internet - REPLY ON USENET PLEASE]
>
> In <DsCEd.1166$m31....@typhoon.sonic.net> on Mon, 10 Jan 2005 21:29:07 GMT,
> John Navas <spamf...@navasgroup.com> wrote:
>
> >[SNIP]
>
> Excerpts from <http://www.eweek.com/article2/0,1759,1749328,00.asp>:
>
> "Anti-spam systems have become heavily dependent on DNS for looking
> at all kinds of blacklists, looking at headers, all of that," said
> Paul Judge, a well-known anti-spam expert and chief technology
> officer at CipherTrust Inc., a mail security vendor based in Atlanta.
> "I've seen systems that have to do as many as 30 DNS calls on each
> message. Even in large enterprises, it's becoming very common to see
> a large spam load cripple the DNS infrastructure."
Aren't 29 of those 30 DNS calls to blacklist servers (DNSBL)? Why would
that have any significance on the root name servers? Is this due to
some kind of bonehead URL content checking?
>
> "We've had to reset our architecture to make nine DNS look-ups, which
> is an insane amount. And we've bought a bunch of workstations and
> small servers to use as redundant DNS servers because of the load,"
> said Bill Franklin, president of Zero Spam Network Corp., an
> anti-spam hosting provider based in Coral Gables, Fla. "The DNS
> system is a good warning indicator."
>
> "We have to figure out how to taper DNS services gracefully rather
> than having catastrophic failures," said Paul Mockapetris, the author
> of the first DNS implementation and chief scientist at Nominum Inc.,
> based in Redwood City, Calif. "Mail look-up was the first application
> put on top of DNS after I designed it, and I was so excited to see
> that. And now, 20 years later, people are trying to figure out how to
> stop doing mail look-up on DNS. It's bizarre."
Based on what I've seen, over 90% of spam refers to content hosted at a
small number of pro-spam ISPs. Spamhaus claims that 80% of spam is from
200 spammers. Everybody knows who those ISPs are but nobody seems to
have the balls to stop peering with them. Those ISPs have no incentives
to clean up.
John Higdon
Javier Henderson <jav...@KJSL.COM> wrote:
> The total volume of mail for all of the domains hosted here (personal
> stuff for me and many friends, and friends of friends, and various
> nonprofits) runs into 100,000 messages per day. I use Bayesian filters,
> and RBL's, procmail recipes, and so on. Every little helps, and what
> works for you and your user base might not scale. My aliases file has
> about 800 entries at the moment, how big is yours?
It's in that neighborhood. A man after my own heart. We call such things
"kitchen table backbones", although mine now occupies its own room full
of racks. The main point, however, is that "anti-spam" is not a
monolithic procedure, but rather a suite of techniques.
Blacklists are the front line (some of the lists I use only flag
messages to be weighed later), along with sender checking, header syntax
conformity, etc. Messages then go to the filters, which are tuned
according to many recipients wishes. Recipients even have the option of
no filtering whatsoever, including blacklists, but so far no one has
gone that route for more than a few hours without crying "Uncle".
Less then three percent of connections made to my servers actually
result in a message delivered to a recipient served by them. In other
words, more than 97% of all attempted incoming traffic is garbage.
Combined, the three servers open well into six figures of SMTP
connections per day.
In my case, "letting the users deal with it" would be nuts. Less
traffic'd sites' mileage may vary.
ab...@mix.com
> Based on what I've seen, over 90% of spam refers to content hosted at a
> small number of pro-spam ISPs. Spamhaus claims that 80% of spam is from
> 200 spammers. Everybody knows who those ISPs are but nobody seems to
> have the balls to stop peering with them. Those ISPs have no incentives
> to clean up.
Yes as I've said greed is a very ugly thing indeed.
Billy Y..
ab...@mix.com
> > My personal mail filter has been simply Bayesian classification (with
> > no use of DNS), and is 99+% accurate, better in my experience than the
> > combination of DNS + RBL + SpamAssassin.
> Good for you. How many messages does it handle per day?
When one gets as much garbage as me, even 99% is not all that hot. And
your message traffic is about 5 times mine.
Postini is probably the biggest and best of the filtering vendors, they
publish stats on their web site.
I too have to do some "post-processing" of my own...
I think big spam services like Postini have an substantial vested interest
in spamming continuing and continuing to grow, and while they are pretty
effective money spent there doesn't do a damn thing to actually solve the
problem. As opposed to everyone blackholing all of Korea and whoever else
really deserves it. Not that the big transit carriers ever will, but if
enough other nets did it'd eventually have about the same impact.
> My aliases file has
> about 800 entries at the moment, how big is yours?
My own domain's is quite small (maybe a couple dozen, heh..) but even so
it accounts for about 1/4 of all of Opus1's inbound message traffic - or
did prior to having Postini toss most of my stuff directly in the trash.
Billy Y..
Graham Freeman
> Here is my understanding:
>
> (1) Spam-fighting measures have not reduced the volume of spam.
Say what? Nobody can know how spam-fighting efforts, whether
technological or legislative in nature, have affected spamming attempts;
any statistics given for such a measurement would be guesswork at best.
However, I can see just from glancing at the logs of my mail servers that
many, many of the spamming attempts that reach my servers are deflected by
the anti-spam mechanisms I have in place. Of course, those attempts have
been made after getting around anti-spam mechanisms external to my
network, such as port 25 blocking on the part of ISPs. Many spam messages
get past my intentionally-permissive MTA-level anti-spam mechanisms, but
most of those in turn get caught by the LDA-level filtering which includes
content analysis and tagging by SpamAssassin.
The end result is that my customers, family/friends, and I all see many
fewer spam messages in our inboxes than would be the case if I didn't have
anti-spam mechanisms in place.
> They have however led to more extreme measures by spammers, including
> hijacking user's PC's and various forms of forgeries,
> all of which lead to a reduction in service for users,
You seem to be speculating as to what spammers would do in a world without
prevalent anti-spam mechanisms. That's like speculating as to what the
world would be like if Yitzhak Rabin hadn't been assassinated, or if the
Supreme Court hadn't decided the outcome of the 2000 U.S. presidential
election. Sure, you can speculate in a way that sounds plausible to some,
but it's still speculation.
Yes, it's true that e-mail is a battleground in an arms race. But the
same is true for any other realm of security - attackers will always exist
to test the efforts of defenders.
> including the DNS problem that led to this thread.
I think the DNS "problem" in question is overblown. If increasing the
load on a DNS server by three, thirteen, or thirty times causes it to fail
or become in danger of failing, then the people responsible for said DNS
services have been guilty of poor planning. DNS is not a particularly
challenging service to deploy in a reliable manner. Yes, it takes effort,
but nothing particularly remarkable.
> (2) Spam comprises 75% of email; however email is only about
> 5% of the load on the network, and 5% or less of the processing
> and storage capacities of most sites.
What network?
Processing and storage capacities of what sites?
Where are you getting your numbers? They're meaningless without more
specificity.
> Combining these facts, we would all be better off to leave the
> spam alone until it reaches the end-user level, and filter
> it there.
Those aren't facts. They're opinions with vague and therefore misleading
statistics. There's nothing wrong with having and voicing an opinion, but
once you call it a fact you up the ante in terms of having to defend it.
> What's your argument to the contrary, other than that "you
> disagree"?
It's definitely a shame that we can no longer simply set our MUAs to send
via our favourite SMTP server without having to worry about alternative
sending ports (e.g. 587), authentication (SMTP-AUTH), and ideally
transport-level encryption such as TLS. There has indeed been a marked
increase in the overhead required for using e-mail services. However,
e-mail services have become at least as important and useful - in fact, I
think e-mail services have become dramatically more valuable over time
despite the hamstringing effect spam and spam-fighting has had on the
medium.
-Graham
Catherine Hampton
wrote:
>> Your "solution" would be disastrous, and probably would
>> destroy email as a viable tool for most people. :/
>
>Can you substantiate any of this? It doesn't correspond to
>most knowledge on the suject.
It corresponds to "most" knowledge on the subject. I hang out on mailing lists
with system administrators and abuse administrators at most of the major ISPs,
including AOL, Earthlink/Mindspring, etc. I based what I said on the data
they've posted and comments they've made.
It might not correspond to your knowledge on the subject, of course. You'll
have to forgive me if I put more weight on theirs. ;-)
Catherine Hampton
>> My personal mail filter has been simply Bayesian classification (with no use
>> of DNS), and is 99+% accurate, better in my experience than the combination of
>> DNS + RBL + SpamAssassin.
>
>Good for you. How many messages does it handle per day?
Yeah.
John, I think that's the issue for ISP administrators and system administrators
of mail servers that handle large numbers of users and large volumes of email.
If you do all your own filtering on your own local computer, and handle only
your own email, you probably have fewer than a couple thousand
incoming emails a day at worst. That can be handled by a decent Bayesian filter
and a CPU with a little horsepower without delaying email delivery hugely (most
of us can live with a few minutes delay) and without making the computer useless
for other tasks.
Try that with 50 to 100 users with that mail volume and you'd find out quickly
what the limitations on a Bayesian filter are. <wry grin>
Steve Pope
>On Tue, 11 Jan 2005, Steve Pope wrote:
>> (1) Spam-fighting measures have not reduced the volume of spam.
> Say what? Nobody can know how spam-fighting efforts, whether
> technological or legislative in nature, have affected spamming
> attempts; any statistics given for such a measurement would be
> guesswork at best.
By this I mean, the volume of spam has continued to go up, therefore
spam fighting efforts have not reduced it.
No guesswork involved.
Steve
John Higdon
spo...@speedymail.org (Steve Pope) wrote:
> By this I mean, the volume of spam has continued to go up, therefore
> spam fighting efforts have not reduced it.
I have no pretensions or illusions about reducing the amount of spam in
the world. All I can do is reduce the amount of spam that ends up in my
spools. So-called anti-spam measures are significantly effective at that
task. As the amount of spam in the world increases, the more important
these measures are (to me, anyway).
Graham Freeman
It's definitely true that in 2005 more spam messages slip past my filters
and into my inbox every day than I saw in a week (perhaps even a month) in
1995 without so much as SMTP relay controls. Spam is certainly a scourge
of electronic communication. But spam-fighting efforts happen because
end-users *want* them to happen. End-users want effective anti-spam
mechanisms because without them the signal-to-noise ratio of e-mail makes
e-mail useless. No anti-spam mechanism can be 100% effective without
making e-mail useless by blocking most or all legitimate mail; indeed,
there is no perfect solution for any problem. But just because we don't
have a perfect solution doesn't mean that I should test the devotion of my
customers by disabling my anti-spam mechanisms. Or do you really think
that the spammers would stop spamming if only those pesky anti-spammers
would just take up some other hobby? Take a look at their motivations:
The spammers do it for money because there's always some fool who'll click
on a link and buy something via a spamvertisement. The anti-spammers do
what they do to keep e-mail usable for end-users. In that respect, one
could say that the anti-spammers are helping to keep the spammers in
business, because if 9/10 messages in my inbox were spam I'd certainly
spend more time on the phone. But that doesn't mean that anti-spam
mechanisms are harmful or useless.
-Graham
Steve Pope
> Or do you really think that the spammers would stop spamming
> if only those pesky anti-spammers would just take up some
> other hobby?
No, I don't think they would stop spamming, but they would
use less extreme techniques, and possibly originate less
spam, if their spam was reliably carried through the network
to the recipient, who is then free to filter it.
Steve
John Higdon
spo...@speedymail.org (Steve Pope) wrote:
> No, I don't think they would stop spamming, but they would
> use less extreme techniques, and possibly originate less
> spam, if their spam was reliably carried through the network
> to the recipient, who is then free to filter it.
Why does it matter to spammers who filters it?
Steve Pope
> spo...@speedymail.org (Steve Pope) wrote:
>> No, I don't think they would stop spamming, but they would
>> use less extreme techniques, and possibly originate less
>> spam, if their spam was reliably carried through the network
>> to the recipient, who is then free to filter it.
>Why does it matter to spammers who filters it?
Because if a spammer needs to get 40 million pieces of
spam into the hands of end-users (who may or may not filter it),
and there is no other filtering in the network, then
the spammer only needs to send 40 million spams.
Whereas if faced with the requirement of getting 40 million spams
to end users (who may or may not filter it), and a network that
is itself blocking 95% of the spam, then the spammer needs to
send 800 million pieces of spam, and possibly must do it
in a more "creative" fashion by hijacking machines, creating
lots of DNS records, and whatnot.
This is why intra-network spam blocking worsens, rather than
improves, the spam situation. It escalates the problem.
Steve
John Higdon
spo...@speedymail.org (Steve Pope) wrote:
> Because if a spammer needs to get 40 million pieces of
> spam into the hands of end-users (who may or may not filter it),
> and there is no other filtering in the network, then
> the spammer only needs to send 40 million spams.
How would a spammer know where (or even if) anything is being filtered?
> Whereas if faced with the requirement of getting 40 million spams
> to end users (who may or may not filter it), and a network that
> is itself blocking 95% of the spam, then the spammer needs to
> send 800 million pieces of spam, and possibly must do it
> in a more "creative" fashion by hijacking machines, creating
> lots of DNS records, and whatnot.
And you are convinced that spammers wouldn't do that otherwise? Again,
how would they know?
> This is why intra-network spam blocking worsens, rather than
> improves, the spam situation. It escalates the problem.
So, let me see if I got this right:
I shouldn't protect my network in the most expeditious way because that
is not fair to spammers, who have a right to flood my network with
trash, whether I like it or not. Spaamers have a right to send garbage
to my users, whether they like it or not. If I would anly allow them to
clog my spool and my users' in-boxes with their trash, they would back
off and send fewer messages.
Is that the essence of what you are saying? Your basic premise seems to
hinge on the notion that spammers have some sort of intrinsic right to
do what they do and that my interference with that right on my part is
somehow wrong.
Steve Pope
> spo...@speedymail.org (Steve Pope) wrote:
>> Because if a spammer needs to get 40 million pieces of
>> spam into the hands of end-users (who may or may not filter it),
>> and there is no other filtering in the network, then
>> the spammer only needs to send 40 million spams.
>How would a spammer know where (or even if) anything is being filtered?
The best assumption is that spammers know their business,
and have a good estimate of how spam is blocked and how much
gets through.
>> Whereas if faced with the requirement of getting 40 million spams
>> to end users (who may or may not filter it), and a network that
>> is itself blocking 95% of the spam, then the spammer needs to
>> send 800 million pieces of spam, and possibly must do it
>> in a more "creative" fashion by hijacking machines, creating
>> lots of DNS records, and whatnot.
>And you are convinced that spammers wouldn't do that otherwise?
My belief is spammers did not employ these more extreme
measures until after they were faced with blocking tactics.
>> This is why intra-network spam blocking worsens, rather than
>> improves, the spam situation. It escalates the problem.
>So, let me see if I got this right:
> I shouldn't protect my network in the most expeditious way
> because that is not fair to spammers, who have a right to flood
> my network with trash, whether I like it or not.
No, spammers have no such rights. They should be arrested and
imprisoned. (Maybe put on trial inbetween.) However, I believe
we'd all be better off if networks were neutral, efficient
transporters of all email.
> If I would anly allow them to clog my spool and my users'
> in-boxes with their trash, they would back off and send fewer
> messages.
In your case, you are "close" to your end-users in relative terms.
What you are doing is not that much different than end-user
filtering. So what you're doing isn't so bad. But the deeper in the
network spam blocking occurs, the more the potential for escalating
the problem.
Steve
John Higdon
spo...@speedymail.org (Steve Pope) wrote:
> The best assumption is that spammers know their business,
> and have a good estimate of how spam is blocked and how much
> gets through.
But they don't KNOW. If any of us stopped (or started) filtering at the
server level, they would be none the wiser.
> My belief is spammers did not employ these more extreme
> measures until after they were faced with blocking tactics.
Believe what you want. Spam has been spam all along: forged headers,
lifting addresses from questionable sources, using open relays,
dictionary attacks, etc., etc. What they are doing now is just a natural
progression of tactics to pump out more and more. Spammers' goal has
always been to send out as much crap as possible. The more spam, the
more money they make.
> No, spammers have no such rights. They should be arrested and
> imprisoned. (Maybe put on trial inbetween.) However, I believe
> we'd all be better off if networks were neutral, efficient
> transporters of all email.
But networks aren't "neutral". Networks are designed to serve their
users, not spammers. Right there, that makes them not "neutral".
> In your case, you are "close" to your end-users in relative terms.
My users in New York, Connecticut, and Arkansas will be amused at that
one.
> What you are doing is not that much different than end-user
> filtering. So what you're doing isn't so bad. But the deeper in the
> network spam blocking occurs, the more the potential for escalating
> the problem.
What do you mean "deeper in the network"? Email is peer-to-peer. My
servers talk directly with Earthlink, AOL, MSN, etc., etc. In terms of
network hierarchy, the mail systems are at the same level. ANYONE who
operates a resolving SMTP server that receives email directly from other
servers globally is a peer to any other such system.
The fact is that anyone who operates an email server for even just a few
people employs at least some anti-spam techniques. The larger the
system, the greater the need for filtering. I seriously doubt that you
would ever convince any operator of a significant mail hub that his best
interests would be served by letting it all pile in.
ab...@mix.com
> Because if a spammer needs to get 40 million pieces of
This is where your assumption falls flat on its face.
The spammer doesn't "need" a damn thing here, period.
Said spammer may want to steal services from 40 million
people, but that remains theft of service regardless.
Billy Y..
Steve Pope
>Steve Pope <spo...@speedymail.org> writes:
>> Because if a spammer needs to get 40 million pieces of
>This is where your assumption falls flat on its face.
>The spammer doesn't "need" a damn thing here, period.
You're out of touch. Disgusting and illegal as spamming
may be, it is still a business, and a spammer must still
deliver as promised to his customers, otherwise he is
out of work. Which means turning up the volume to deal
with obstructions.
The laws of economics apply to spamming just the same
as anything else.
Steve
Rahul Dhesi
>I think you're wrong. UPS, for example, will have audits and QC
>processes in place to verify that packages are being delivered as they
>should.
>But spammers? They just deploy their warez and move on.
Wouldn't the spammer need some rate of return in order for his spamming
to be cost-effective?
If he is a spammer for hire, he won't get repeat business without some
real results, i.e., a certain rate at which his spam victims end up
buying from the spammer's customers.
If he is spamming for himself, then again, he won't bother spamming
unless he is getting an adequate rate of return.
So it seems to me that spammers will have some auditing mechanism in
place, how informal/unreliable/approximate it might be, that measures
successfuls sales. Otherwise, why bother sending spam at all?
--
Rahul
Kevin McMurtrie
spo...@speedymail.org (Steve Pope) wrote:
You don't get out much, do you?
John Higdon
spo...@speedymail.org (Steve Pope) wrote:
> You're out of touch. Disgusting and illegal as spamming
> may be, it is still a business, and a spammer must still
> deliver as promised to his customers, otherwise he is
> out of work. Which means turning up the volume to deal
> with obstructions.
Burglary is a business. Shall we leave our doors unlocked to make it
easier on these people?
> The laws of economics apply to spamming just the same
> as anything else.
That's why we take measures.
John Higdon
Javier Henderson <jav...@KJSL.COM> wrote:
> I think you're wrong. UPS, for example, will have audits and QC
> processes in place to verify that packages are being delivered as they
> should.
>
> But spammers? They just deploy their warez and move on.
A spammer has no idea what gets through and what doesn't. Since
everything is fake, bounces are simply thrown on the floor. The spammers
don't even really know what the response rate is, since that data is
kept by the spammers' customers.
All we can do is minimize the impact that results from spamming on our
own networks.
And do I care if a spammer cannot "make a living"? Yes! I hope they
starve.
ab...@mix.com
> You're out of touch. Disgusting and illegal as spamming
> may be, it is still a business
No, it is a criminal enterprise. That's why it is not only
disgusting but illegal as well.
And the only thing lamer than that itself would be catering
to all these criminals and their criminal behavior like they
actually had some 'right' to do it.
If various nets are having spam generated problems then let
all those bozos blackhole the offending nets like they should
be doing in the first place.
Anything else is just plain old buillshit, period.
Billy Y..
news.engr.sgi.com
There is clearly a food chain from product to spammer and I suspect that
product supplier would clearly find a way to stop funding whatever go
betweens are funding the spammer pretty quickly.
You might say the product is clearly not a knowledgeable contributor to this
illegal act but I believe they do have knowledge but use plausible
deniability.
Their are precedents in other areas of the law where seemingly innocent
people lose their property because it was part of an illegal act.
Second we should all go to certified mail. Only mail from certified mail
servers should be accepted by browsers.
Yea it breaks a lot of things but it will break a good portion of this as
well.
<ab...@MIX.COM> wrote in message news:cs3lnp$1mt$1...@reader2.panix.com...
The entity once known as trebor@sirius.com
><ab...@MIX.COM> wrote:
>
>>Steve Pope <spo...@speedymail.org> writes:
>
>>> Because if a spammer needs to get 40 million pieces of
>
>>This is where your assumption falls flat on its face.
>>The spammer doesn't "need" a damn thing here, period.
>
>You're out of touch. Disgusting and illegal as spamming
>may be, it is still a business
It's a business like burglary and fencing stolen goods are businesses.
I suppose that if we allowed burglars to ply their trade unmolested,
they would steal less.
>The laws of economics apply to spamming just the same
>as anything else.
What we need to do is apply criminal law.
John Richards
news:sckbu0hiilm0si5pb...@news.supernews.com...
>
> What we need to do is apply criminal law.
Already happening:
http://www.spamhaus.org/news.lasso?article=155
http://www.spamhaus.org/news.lasso?article=152
--
John Richards
Brad Allen
Steve Pope <spo...@speedymail.org> wrote:
" This is a good example of how self-styled spamfighters are
" contributing to the cycle of escalating tactics that
" server to overload the system.
"
" If spammers were simply permitted to send all the email
" they liked, then most of these types of problem, including
" this one specifically, would go away entirely.
"
" Steve
Mr. Pope,
We should just abolish laws about theft and murder, too, while we're
at it, so then we wouldn't have all of these problems of having to pay
for goverment to help police the criminals, and housing the criminals
too, according to your philosophy. We'd call it anarchy. If you
really want that, find your own spot in the world to do it; don't
impose it upon the USA.
Graham Freeman
> Because if a spammer needs to get 40 million pieces of
> spam into the hands of end-users (who may or may not filter it),
> and there is no other filtering in the network, then
> the spammer only needs to send 40 million spams.
>
> Whereas if faced with the requirement of getting 40 million spams
> to end users (who may or may not filter it), and a network that
> is itself blocking 95% of the spam, then the spammer needs to
> send 800 million pieces of spam, and possibly must do it
> in a more "creative" fashion by hijacking machines, creating
> lots of DNS records, and whatnot.
>
> This is why intra-network spam blocking worsens, rather than
> improves, the spam situation. It escalates the problem.
>
> Steve
I find that, when faced with complacent prey, most bullies tend to take
more, not less. To do otherwise implies a sense of fairness and decency,
which spammers and other social misfits don't exhibit.
If you'd like to run a mail service without any anti-spam mechanisms,
nobody is stopping you. It might be an interesting experiment. But I
wouldn't hold out any hope for convincing other e-mail admins to do
likewise.
-Graham
Kevin McMurtrie
c.c....@XReXXyetXa.usenet.us.com (Rahul Dhesi) wrote:
> Javier Henderson <jav...@KJSL.COM> writes:
>
> >I think you're wrong. UPS, for example, will have audits and QC
> >processes in place to verify that packages are being delivered as they
> >should.
>
> >But spammers? They just deploy their warez and move on.
>
> Wouldn't the spammer need some rate of return in order for his spamming
> to be cost-effective?
>
> If he is a spammer for hire, he won't get repeat business without some
> real results, i.e., a certain rate at which his spam victims end up
> buying from the spammer's customers.
>
> If he is spamming for himself, then again, he won't bother spamming
> unless he is getting an adequate rate of return.
Stealing just one credit card and identity profile is a pretty good
return rate. Hack/crack/sniff somebody's ISP password and your web
hosting services for the next scam are all ready to go.
> So it seems to me that spammers will have some auditing mechanism in
> place, how informal/unreliable/approximate it might be, that measures
> successfuls sales. Otherwise, why bother sending spam at all?
They're making plenty of money and the cost of spamming is still
insignificant.
Steve Pope
>Mr. Pope,
>We should just abolish laws about theft and murder, too, while we're
>at it, so then we wouldn't have all of these problems of having to pay
>for goverment to help police the criminals, and housing the criminals
>too, according to your philosophy. We'd call it anarchy.
I never said I wanted spamming to be legal. It is, and should be,
illegal and criminally prosecuted.
What I'm opposed to is wrong-headed spam-fighting tactics that
escalate the situation and make life worse for everyone.
An analogy is the "war on drugs", which has converted formerly
friendly neighborhood dealers into gun-weilding homocidal types.
Escalation is a bad idea.
> If you really want that, find your own spot in the world to
> do it; don't impose it upon the USA.
Last I checked, my vote was as good as yours.
Steve
Graham Freeman
> An analogy is the "war on drugs", which has converted formerly friendly
> neighborhood dealers into gun-weilding homocidal types. Escalation is a
> bad idea.
I don't think it's as simple as that. Symantec and other businesses with
a vested interest in seeing spam continue have nothing on the
military-industrial complex. Yes, the situations bear some similarities,
but there are strong individual and property rights that play into the
spam/anti-spam situation in a very different way than they do in the civil
rights and military/police state issues.
-Graham
John Higdon
spo...@speedymail.org (Steve Pope) wrote:
> I never said I wanted spamming to be legal. It is, and should be,
> illegal and criminally prosecuted.
But you don't want any of those suffering actual harm (network
operators) to protect themselves in any way?
> What I'm opposed to is wrong-headed spam-fighting tactics that
> escalate the situation and make life worse for everyone.
Can you provide any evidence whatsoever that spam filtering "escalates
the situation"? This seems to have popped out of your head and you bandy
it about as gospel truth. What makes protecting one's self
"wrong-headed"?
> An analogy is the "war on drugs", which has converted formerly
> friendly neighborhood dealers into gun-weilding homocidal types.
> Escalation is a bad idea.
Great analogy, but it completely disproves your assertion. If you don't
see my point, email me.
> Last I checked, my vote was as good as yours.
There is only one vote when it comes to operating my network: mine.
Yours doesn't count.
John Higdon
Graham Freeman <gra...@jahiel.net> wrote:
> I don't think it's as simple as that. Symantec and other businesses with
> a vested interest in seeing spam continue have nothing on the
> military-industrial complex. Yes, the situations bear some similarities,
> but there are strong individual and property rights that play into the
> spam/anti-spam situation in a very different way than they do in the civil
> rights and military/police state issues.
The WOD is a problem due to over-zealous law enforcement, not
individuals looking out for themselves. I'm not so sure I want the
government telling me how to run my network.
Graham Freeman
> The WOD is a problem due to over-zealous law enforcement, not
> individuals looking out for themselves. I'm not so sure I want the
> government telling me how to run my network.
I agree.
-Graham
John Navas
In <86mzvgi...@skylane.kjsl.com> on 11 Jan 2005 00:19:47 -0800, Javier
Henderson <jav...@KJSL.COM> wrote:
>John Navas <spamf...@navasgroup.com> writes:
>
>> In <nib6u05a89u8m9qjp...@news.lmi.net> on Mon, 10 Jan 2005
>> 17:42:11 -0800, John R Pierce <sp...@is.invalid> wrote:
>> My personal mail filter has been simply Bayesian classification (with no use
>> of DNS), and is 99+% accurate, better in my experience than the combination of
>> DNS + RBL + SpamAssassin.
>
>Good for you. How many messages does it handle per day?
>
>The total volume of mail for all of the domains hosted here (personal
>stuff for me and many friends, and friends of friends, and various
>nonprofits) runs into 100,000 messages per day. I use Bayesian filters,
>and RBL's, procmail recipes, and so on. Every little helps, and what
>works for you and your user base might not scale. My aliases file has
>about 800 entries at the moment, how big is yours?
How is that relevant to the question of effectiveness? That accuracy is
measured over many thousands of messages, and is consistent with the
experience of many other users of Bayesian classification. Scaling is simply
a matter of resources.
--
Best regards,
John Navas <http://navasgrp.home.att.net/>
CABLE MODEM/DSL GUIDE: <http://Cable-DSL.home.att.net/>
John Navas
In <cs10fi$19p$1...@reader2.panix.com> on Tue, 11 Jan 2005 16:56:19 +0000 (UTC),
ab...@MIX.COM wrote:
>Javier Henderson <jav...@KJSL.COM> writes:
>
>> > My personal mail filter has been simply Bayesian classification (with
>> > no use of DNS), and is 99+% accurate, better in my experience than the
>> > combination of DNS + RBL + SpamAssassin.
>
>> Good for you. How many messages does it handle per day?
>
>When one gets as much garbage as me, even 99% is not all that hot. ...
To my knowledge, that's as good as it gets -- I know of no other method as
good, much less better, and those that do get close typically do so at the
expense of collateral damage (false positives).
>... As opposed to everyone blackholing all of Korea and whoever else
>really deserves it. ...
Otherwise known as collateral damage. No thanks.
John Navas
In <1lp8u0her9td29oj5...@4ax.com> on Tue, 11 Jan 2005 23:54:35
GMT, Catherine Hampton <spam...@spambouncer.org> wrote:
>On 11 Jan 2005 00:19:47 -0800, Javier Henderson <jav...@KJSL.COM> wrote:
>
>>> My personal mail filter has been simply Bayesian classification (with no use
>>> of DNS), and is 99+% accurate, better in my experience than the combination of
>>> DNS + RBL + SpamAssassin.
>>
>>Good for you. How many messages does it handle per day?
>
>Yeah.
>
>John, I think that's the issue for ISP administrators and system administrators
>of mail servers that handle large numbers of users and large volumes of email.
>If you do all your own filtering on your own local computer, and handle only
>your own email, you probably have fewer than a couple thousand
>incoming emails a day at worst. That can be handled by a decent Bayesian filter
>and a CPU with a little horsepower without delaying email delivery hugely (most
>of us can live with a few minutes delay) and without making the computer useless
>for other tasks.
>
>Try that with 50 to 100 users with that mail volume and you'd find out quickly
>what the limitations on a Bayesian filter are. <wry grin>
I've run careful tests of the amount of horsepower required, and it was no
worse than the multi-stage filtering used by ISPs like Sonic.
John Navas
In <fraud-and-spam-trap-...@equine.announcetech.com> on Thu,
13 Jan 2005 07:35:45 -0800, John Higdon
<fraud-and...@verislimesucks.com> wrote:
>In article <cs59b6$2qj$1...@blue.rahul.net>,
> spo...@speedymail.org (Steve Pope) wrote:
>> What I'm opposed to is wrong-headed spam-fighting tactics that
>> escalate the situation and make life worse for everyone.
>
>Can you provide any evidence whatsoever that spam filtering "escalates
>the situation"? ...
I think he did that by pointing out that spammers are moving to ever more
harmful methods to circumvent current filtering methods. That has turned
cracking into a commercial opportunity, which I find alarming.
>> An analogy is the "war on drugs", which has converted formerly
>> friendly neighborhood dealers into gun-weilding homocidal types.
>> Escalation is a bad idea.
>
>Great analogy, but it completely disproves your assertion. ...
I think it's actually much the same thing. Fundamental problems in the war on
drugs are demand, not supply, the negative consequences of anti-drug efforts
(criminalization and enforcement). Likewise spam, where fundamental problems
are that spam works and the negative consequences of (well-intentioned but
misguided) anti-spam efforts.
John Navas
In <mcmurtri-88E453...@corp-radius.supernews.com> on Tue, 11 Jan
2005 00:24:27 -0800, Kevin McMurtrie <mcmu...@dslextreme.com> wrote:
>In article <ngIEd.1373$m31....@typhoon.sonic.net>,
> John Navas <spamf...@navasgroup.com> wrote:
>
>> In <DsCEd.1166$m31....@typhoon.sonic.net> on Mon, 10 Jan 2005 21:29:07 GMT,
>> John Navas <spamf...@navasgroup.com> wrote:
>>
>> >[SNIP]
>>
>> Excerpts from <http://www.eweek.com/article2/0,1759,1749328,00.asp>:
>>
>> "Anti-spam systems have become heavily dependent on DNS for looking
>> at all kinds of blacklists, looking at headers, all of that," said
>> Paul Judge, a well-known anti-spam expert and chief technology
>> officer at CipherTrust Inc., a mail security vendor based in Atlanta.
>> "I've seen systems that have to do as many as 30 DNS calls on each
>> message. Even in large enterprises, it's becoming very common to see
>> a large spam load cripple the DNS infrastructure."
>
>Aren't 29 of those 30 DNS calls to blacklist servers (DNSBL)? Why would
>that have any significance on the root name servers? Is this due to
>some kind of bonehead URL content checking?
I don't think so. From what I've seen, the majority of the increased DNS load
comes from validating domains. When those domains don't exist, that load hits
the root name servers.
>> "We've had to reset our architecture to make nine DNS look-ups, which
>> is an insane amount. And we've bought a bunch of workstations and
>> small servers to use as redundant DNS servers because of the load,"
>> said Bill Franklin, president of Zero Spam Network Corp., an
>> anti-spam hosting provider based in Coral Gables, Fla. "The DNS
>> system is a good warning indicator."
>>
>> "We have to figure out how to taper DNS services gracefully rather
>> than having catastrophic failures," said Paul Mockapetris, the author
>> of the first DNS implementation and chief scientist at Nominum Inc.,
>> based in Redwood City, Calif. "Mail look-up was the first application
>> put on top of DNS after I designed it, and I was so excited to see
>> that. And now, 20 years later, people are trying to figure out how to
>> stop doing mail look-up on DNS. It's bizarre."
>
>Based on what I've seen, over 90% of spam refers to content hosted at a
>small number of pro-spam ISPs.
My own observation is that spam sources are quite diffuse, as in the case of
hijacked systems.
>Spamhaus claims that 80% of spam is from
>200 spammers.
That's a different matter.
>Everybody knows who those ISPs are but nobody seems to
>have the balls to stop peering with them. Those ISPs have no incentives
>to clean up.
I don't think that would be any more effective than proven-futile efforts to
close open relays.
To have a meaningful impact on the ever increasing flood of spam, I think you
have to change the basic cost-benefit equation.
John Navas
In <fraud-and-spam-trap-...@equine.announcetech.com> on Mon,
10 Jan 2005 23:20:23 -0800, John Higdon
<fraud-and...@verislimesucks.com> wrote:
>In article <crvhj5$dkf$1...@blue.rahul.net>,
> spo...@speedymail.org (Steve Pope) wrote:
>
>> (1) Spam-fighting measures have not reduced the volume of spam.
>
>Huh? Spam-fighting measures are designed to reduce the volume of spam to
>the recipients on the receiving side of the system, not reduce spam
>globally. ...
Many spam-fighters (e.g., ORBS aka "Open Relay Behavior-modification System"
and its ilk) claim to have a global reduction of spam as their justification.
djl
wrote:
~Can you substantiate any of this? It doesn't correspond to
~most knowledge on the suject.
~
My brother gets more than enough spam to substantiate this. His former
provider's email server was twice used by spammers to send bulk mail to all of
the subscribers. At one point he had to download over five hundred emails
received during a three day interval when email could not be accessed because
the email server was collapsing under the load the spammers had placed on it.
This ISP had not designed their email server to process a million messages per
hour. Approximately 10% of the messages contained some species of malware
(virus, worm or trojan) in an attachment and only a fraction over 12% was
legitimate email.
My closely held seldom used AT&T business services address had turned into a
spam bucket before I terminated the service. The address often received 100
junk mail messages each day. Not much by some standards but more than enough to
make the address useless to me.
I agree with Catherine, your proposal would turn email into a non viable
communications medium.
JC Dill
>My closely held seldom used AT&T business services address had turned into a
>spam bucket before I terminated the service. The address often received 100
>junk mail messages each day. Not much by some standards but more than enough to
>make the address useless to me.
I have a domain that I've used since 1996. I created various
throw-away accounts in that domain that I used to post to usenet and
various mailing lists over the years, there are over a dozen such
addresses archived in google. At some point some spammer decided that
my domain had enough exposed accounts that it would be worthwhile to
start a dictionary attack at my domain and send email to accounts that
had never existed (bobby@, frank@, wilma@, etc). Because I had been
making up new addresses at will for signing up with various websites
(to track if they were leaking my email address to their
"affiliates"), I had too many undocumented legitimate addresses I had
created that I couldn't list as "approved" addresses (in order to
automatically reject all the spammer created unapproved addresses).
I have a new domain, and I tried forwarding all the email from the old
domain to my new domain host. Their server completely choked when it
tried to spam filter this stream. The old domain was filtering out
much of the spam load before delivering it to my mailboxes, but when I
implemented the forward, they forwarded the email *before* filtering,
and I discovered that it was getting in excess of 30,000 spams a day.
Fortunately I have a friend who works at a medium sized telco/ISP who
has an amazing spam filtering system. So now I forward the old domain
to my friend's ISP where they filter it and then deliver the rest to a
mailbox that I'm constantly checking and emptying. Each week I get
about a dozen non-spams to the old domain (I'm still notifying senders
of my new domain), and I still get about 10,000 spams a week that get
thru the ISPs filters. I'm told that this ISP filters out over 95% of
all email received as spam before delivering the remaining email (some
spam that evades their filters, the rest desired email) to user
mailboxes. So that means that I'm still getting in excess of 200,000
spam messages a week to my old domain. I just checked it, I received
over 500 spams (that evaded the 95% filters) since 5 hours ago.
jc
John Navas
In <86oefs4...@skylane.kjsl.com> on 13 Jan 2005 22:22:39 -0800, Javier
Henderson <jav...@KJSL.COM> wrote:
>John Navas <spamf...@navasgroup.com> writes:
>
>> In <86mzvgi...@skylane.kjsl.com> on 11 Jan 2005 00:19:47 -0800, Javier
>> Henderson <jav...@KJSL.COM> wrote:
>>
>> >John Navas <spamf...@navasgroup.com> writes:
>> >
>> >> In <nib6u05a89u8m9qjp...@news.lmi.net> on Mon, 10 Jan 2005
>> >> 17:42:11 -0800, John R Pierce <sp...@is.invalid> wrote:
>>
>> >> My personal mail filter has been simply Bayesian classification (with no use
>> >> of DNS), and is 99+% accurate, better in my experience than the combination of
>> >> DNS + RBL + SpamAssassin.
>> >
>> >Good for you. How many messages does it handle per day?
>> >
>> >The total volume of mail for all of the domains hosted here (personal
>> >stuff for me and many friends, and friends of friends, and various
>> >nonprofits) runs into 100,000 messages per day. I use Bayesian filters,
>> >and RBL's, procmail recipes, and so on. Every little helps, and what
>> >works for you and your user base might not scale. My aliases file has
>> >about 800 entries at the moment, how big is yours?
>>
>> How is that relevant to the question of effectiveness? That accuracy is
>> measured over many thousands of messages, and is consistent with the
>> experience of many other users of Bayesian classification. Scaling is simply
>> a matter of resources.
>
>Training the Bayesian filters gets more complicated (or doesn't get
>done as well) as you get more users, particularly if many of your
>users are appliance operators (end users, consumers, whatever you want
>to call them) as opposed to computer geeks who will be more inclined
>to take the time to claissify messages and tell the Bayesian filters
>what is spam and it missed, and what isn't spam and it tagged.
That's not my experience, which is that Bayesian filters are rapidly trained
with a relatively small number of messages (as little as a few hundred), and
are relatively easy to maintain as compared to the maintenance of other spam
filtering methods. A typical approach is to have users forward false
negatives to a spam mailbox for review and possible training. A number of
good, scalable mail servers (e.g., MDaemon) now come with Bayesian filtering
built-in.
John Navas
<http://www.theregister.co.uk/2005/01/14/verizon_email_block/>
US ISP Verizon is persisting with a controversial policy of blocking
email sent from Europe. Since 22 December, mail servers at
verizon.net have been configured not to accept connections from
Europe by default.
Verizon is blocking ranges of IP addresses belonging to British and
European ISPs (the IP space from RIPE, APNIC, and more) in a
misguided attempt to reduce spam. Domains are only unblocked
following complaints, with Europeans effectively treated as guilty
till proven innocent.
[MORE]
John Navas
<http://www.theregister.co.uk/2005/01/14/texas_spam_suit/>
Texan authorities launched federal suit yesterday against a
University of Texas student alleged to have run one of the world's
largest spam operations.
Ryan Samuel Pitylak, 22, and alleged accomplice Mark Stephen Trotter
of Encinitas, California are accused of sending hundreds of thousands
of junk mail messages through two firms they ran, PayPerAction and
Leadplex. The pair are said to have specialised in spam messages
hawking mortgage refinancing and other financial services designed to
trick users into handing over personal information which the pair
sold on for up to $28 a lead. Spamhaus ranks the defendants as the
fourth largest illegal spam operation in the world in its Register of
Known Spam Operations.
ab...@mix.com
> The old domain was filtering out
> much of the spam load before delivering it to my mailboxes, but when I
> implemented the forward, they forwarded the email *before* filtering,
> and I discovered that it was getting in excess of 30,000 spams a day.
Unfortunately this seems to be how most everyone does forwarding.....
Billy Y..
ab...@mix.com
> Training the Bayesian filters gets more complicated (or doesn't get
> done as well) as you get more users, particularly if many of your
> users are appliance operators
I'm the one who gets stuck doing this for some of my users.
> And yes, a matter of resources also, and this isn't always just a
> matter of throwing more hardware at the problem. Sometimes it means
> more people, and that isn't always an option.
Yes even with massive amounts of hardware someone has to sit there
and make some decisions, and the amount of time that eats is directly
connected to the volume of garbage that happens to arrive in email.
Billy Y..
John Navas
In <csedim$3gs$3...@reader2.panix.com> on Sun, 16 Jan 2005 18:59:34 +0000 (UTC),
ab...@MIX.COM wrote:
What I'm seeing is that sampling of the false negative pool is sufficient to
get the job done.
John Navas
In <86wtuez...@skylane.kjsl.com> on 15 Jan 2005 08:20:26 -0800, Javier
Henderson <jav...@KJSL.COM> wrote:
>John Navas <spamf...@navasgroup.com> writes:
>I don't disagree with you that the steps to train the Bayesian filter
>are easy to follow. What I'm saying is that many end users (not computer
>geeks) aren't much into following them. And besides, some MUA's don't
>include all of the RFC822 headers when forwarding messages, and those
>are necessary.
Not necessarily -- Bayesian classification can work just on content, and with
many users, at least some will probably forward full headers in any event.
>And even if every user participated and forwarded messages properly, someone
>still has to review each message before telling the Bayesian filter that
>This is spam and That is not.
>
>Incorporating a Bayesian filter in the mail path isn't complicated at all,
>it's the training that gets complicated.
I personally don't see it as being any more difficult than maintaining other
filters.
ka...@sonic.net
wrote:
>spo...@speedymail.org (Steve Pope) writes:
>
>> This is a good example of how self-styled spamfighters are
>> contributing to the cycle of escalating tactics that
>> server to overload the system.
>>
>> If spammers were simply permitted to send all the email
>> they liked, then most of these types of problem, including
>> this one specifically, would go away entirely.
>
>Huh?
>
>-jav
Interpretation -- Lay back and enjoy the experience, Miss.