[linux-elitists] On spam, stamps, and hygiene

Karsten M. Self kmself@ix.netcom.com
Sat Feb 7 16:03:27 PST 2004


on Sat, Feb 07, 2004 at 04:34:43AM -0500, Rick Bradley (roundeye@roundeye.net) wrote:
> * Karsten M. Self (kmself@ix.netcom.com) [040206 23:41]:
> >     Spam volume by ASN, top 100 contributing ASNs
> >     http://linuxmafia.com/~karsten/Images/spam-by-asn.png
> > 
> >     Cumulative spam volume by ASN, top 100 contributing ASNs
> >     http://linuxmafia.com/~karsten/Images/cum-spam-by-asn.png
> 
> Not trying to sound like an idiot here, but those graphs show an obvious
> power law.  Plot that first graph log-log and look at the line you get.

Quite.

    http://linuxmafia.com/~karsten/Images/cum-spam-by-asn-loglog.png
    http://linuxmafia.com/~karsten/Images/spam-by-asn-loglog.png

> Which prompts the question:  How does the maxim "them what has, gets"
> apply to the physics of the spammer universe?  "People" must know where
> to go to get their spam sent, and some society must know who're the
> biggest and "best" spammers.
> 
> Take out the top spammers and you cripple the spamming network.  Do it
> in a high-profile way and you deal a serious blow to spamming in
> general.  

Ayup.  That's a prime reason I'm circulating this information.

The nice thing is that even if the *rest* of the Net doesn't take any
action, you can save yourself a sh*tload of grief by sh*tcanning the top
n spam sources.  I'd add to that the top n sources by proportion as well
(IOW:  sources which may not be significant numeric contributors, but
which spew little that _isn't_ spam).


This also suggests that an ASN-specific rule in SpamAssassin would be
highly useful as a filter.  Hrm...


Does anyone know whether or not the SpamAssassin Bayesian classifiers
reads headers?  Hrm.  Appears they do.

So:  it should be possible to add ASN(s) for the Received lines for
spam, as an X header (X-ASN:).  And let your existing Bayesian
discriminator train itself on this as spam or ham.

Better would be to have this information kept at the MTA itself, or
rolled into your firewall rules on a periodic basis.  No reason to
cotton _any_ traffic from the worst spam sources, IMO.


> This tells me that technology alone shifts the graph downwards but
> doesn't change its shape, 

How do you mean this?  You can change the shape of the graph by
(recipients' choice) killing, or seriously delaying, all traffic from
the worst offending ASNs.

> while legal action against the biggest offenders is likely to change
> the shape of the graph.

I don't understand.  Could you explain?


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Geek for hire:  http://kmself.home.netcom.com/resume.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20040207/39fd78ea/attachment.pgp 


More information about the linux-elitists mailing list