On Wed, Feb 24, 2010 at 8:37 AM, Rich Kulawiec <r...@gsp.org> wrote: > On Tue, Feb 23, 2010 at 05:39:05PM -0500, Dan Kaminsky wrote: >> Do we know what Postini and Google are doing? If not, do we really >> have any idea what works? > > We have been discussing these points for many, many years on spam-l, where > the world's leading experts on spam hang out. I would suggest subscribing > to the list, participating, and reading the archives.
Heh, man. You're the one who brought up all the useless products. There certainly seem to be many people working on many approaches that do not work. > And yes, we know full well what works and doesn't work, but again, it > depends on whether the goal is merely stopping spam (which is quite easy > for any minimally-competent postmaster and does not require paying for > software, appliances or services [1]) Really? What is this set of small deployment guides I can read that will take the thousands of spams I get a day and cut it to a few spams a month, with apparently no false positive rate? I'm serious. I would love to have better advice to customers than "Uh, I can't tell you how to fix your Spam problem; nothing I've ever tried seemed to work. Go hire Postini." > or whether it's stopping spammers. > Not many people grasp the distinction, which is why almost without > exception, efforts over the past decade-plus have been directed at the > former, not the latter. > > Treating the symptoms makes the patient feel better, but does not > cure the disease. > > It does, however, provide a steady revenue stream for those who are > doing the former while pretending the latter doesn't exist. > > And meanwhile the latter has gotten much, much worse. Somebody is successful at stopping spammers? Like, making a human being not hit the send button? Who? Best I can tell, there are really only three options that stop a spammer: 1) Arrest the Spammer 2) Kill the Spammer 3) Bribe the Spammer #1 is funny. Haha. #2 has happened (top spammer in Russia, had to identify him from dental records). Strangely unpopular. #3 ...who knows. It would explain a lot though :) > ---Rsk > > [1] Sufficiently high usage of the Spamhaus DNSBLs may incur a fee. But > (a) very few operations reach that mark and (b) best practice in anti-spam > defense is to use a *lot* of other things before querying any DNSBL, > thus providing faster processing and reducing the load on the DNSBLs. > Most of the mail systems I run currently reject 80-85% of the spam > that they're going to reject before they consult any external resource. > This is vastly superior to those which *begin* by querying DNSBLs. We all know I love me some DNS, but at the nth degree, heavy use of DNS for blacklists devolves back into a traditional database synchronization problem, and the DNS protocol stops being the appropriate way to carry such a load. > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
