rejecting spam at SMTP time (was Re: Postfix anti-antivirus (was Re: [linux-elitists] etc))

Karsten M. Self kmself@ix.netcom.com
Fri Sep 24 21:36:55 PDT 2004


on Fri, Sep 24, 2004 at 10:35:39AM -0500, Rick Bradley (roundeye@roundeye.net) wrote:
> * Karsten M. Self (kmself@ix.netcom.com) [040924 05:03]:
> > As Don writes this, I'm working through fallout of having run through
> > some 28k messages backlogged over some six weeks, of which ~3k were
> > spam.  What with my intensive incoming mail processing, it took six days
> > to work through the backlog.
> 
> I've been seeing exponential growth in spam counts over the past year.

I'm seeing doubling at 6-9 months.

<...>

> The jury's still out until the statistics have been averaged out for a
> while, but in 24 hours I went from ~4,000 spams per day down to just
> over 1,300 spams in one day.
> 
> I presume the growth curve will still be mostly exponential, but being
> able to step back six months on the curve with a few minutes of work is
> a godsend.  

You've bought yourself one doubling period.  Maybe less.


For the rest of us, there's some bleak news in sight:

  - Within the next 1-3 years, unmediated dialup email accounts (no spam
    filtering) will be impossible.  This puts a considerable bar up for
    newbies getting onto the Net.  If you're thinking "nobody uses
    dialup anymore", well, about half of everyone _does_.  And many
    services (wireless, mobile) are effectively dialup in capabilities.

  - Even for broadband, the time necessary to filter out spam is going
    to climb.  Depending on your checks, we're going to see limits hit
    here.  Probably first for businesses and organizations with multiple
    addresses, but ultimately for individuals using desktop filtering,
    etc.

  - Email wil continue to become less and less reliable as there are
    more defenses built in.  Many of which are not well considered and
    have considerable negative consequences, including time delay,
    nondeterminism, bad filters, and failures of ever more complex
    systems.

  - Newcomers will be less willing to participate in open exchanges (or
    evan emailing individuals) due to the consequences of spam, viruses,
    and email scraping bots and viruses of various forms make keeping an
    address "clean" more and more difficult.

  - Lists and other group communications channels will be ever more
    flooded in crap.  For well-known lists, figures run at near 95%
    spam, incoming.

  - As the ration of spam to ham increases, even slight filtering
    inefficiencies will have large consequences.   Say you want to keep
    unfiltered spam at a constant portion of you non-spam mail.  If your
    spam is 10% of your mail, you only need 45% effective filters.

    o At 90% spam, you need 99.5% effective filters.
    o At 99% spam, you need 99.95% effective filters.
    
    With a sufficiently high spam load, you have to accept either *very*
    effective filters, or a lot of cruft in your inbox.  No matter what.


And figure the same for any other cheap means of instant global
communications.  I think the new rule for networks will be:  if you
build it, they will spam.


> My hosting friend and I are going to configure SPF for all the domains
> handled by his service soon, and begin looking at factoring SPF into the
> tagging process.  More than anything we expect this to gradually start
> helping with the shotgun joe-jobbing problem (really the joe-jobbing
> problem in general) as some of the bigger hosts begin deploying SPF as
> well.

SPF is an anti-joe-jobbing technology, with third-party cooperation.  It
does relatively little against spam.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Haste makes waste.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20040924/5a7c0653/attachment.pgp 


More information about the linux-elitists mailing list