Re: Identifications dealing with Bulk Unsolicited Messages (BUMs)

2007-02-22 Thread Brian E Carpenter 

On 2007-02-21 17:07, Tony Finch wrote:

On Wed, 21 Feb 2007, Brian E Carpenter wrote:

Blacklists at the level of sending domains (or reputation systems
that function like blacklists) are a failure.


I was talking about IP address blacklists.


Right. That can work, of course.


Perhaps 90% was a bit
over-optimistic - my stats from cam.ac.uk show more than 80% of spam dealt
with by DNS blacklists and another 10% with a few other simple checks.


Interesting. Do they also run content filters?

   Brian


___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Re: Identifications dealing with Bulk Unsolicited Messages (BUMs)

2007-02-22 Thread Brian E Carpenter 

The level of bulk unsolicited messages exceed more than 90% of the volume in 
many cases


I estimate 95% of moderated non-member mail that hits the IESG list to be b.u.m.

   Brian

___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

RE: Identifications dealing with Bulk Unsolicited Messages (BUMs)

2007-02-22 Thread Tony Finch 
On Wed, 21 Feb 2007, Hallam-Baker, Phillip wrote:

 The question Brian raised is not the percentage of spam that blacklists
 catch, it's the false positive rate.

Yes, you have to be careful about which blacklists you use and how you use
them. The reputable ones (e.g. Spamhaus) have a negligible FP rate.

Tony.
-- 
f.a.n.finch  [EMAIL PROTECTED]  http://dotat.at/
LUNDY FASTNET IRISH SEA: SOUTHERLY 4 OR 5, INCREASING 6 LATER. ROUGH OR VERY
ROUGH, BUT MODERATE IN IRISH SEA. SHOWERS. GOOD.

___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Re: Identifications dealing with Bulk Unsolicited Messages (BUMs)

2007-02-22 Thread Tony Finch 
On Thu, 22 Feb 2007, Brian E Carpenter wrote:

 Interesting. Do they also run content filters?

SpamAssassin deals with most of the rest.

Tony.
-- 
f.a.n.finch  [EMAIL PROTECTED]  http://dotat.at/
PLYMOUTH BISCAY FITZROY SOLE: SOUTH OR SOUTHWEST 5 TO 7, OCCASIONALLY GALE 8.
ROUGH OR VERY ROUGH. RAIN AT TIMES. MODERATE OR GOOD.

___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Re: Identifications dealing with Bulk Unsolicited Messages (BUMs)

2007-02-22 Thread Douglas Otis 


On Feb 22, 2007, at 1:41 AM, Brian E Carpenter wrote:

The level of bulk unsolicited messages exceed more than 90% of the  
volume in many cases


I estimate 95% of moderated non-member mail that hits the IESG list  
to be b.u.m.


Much that slips past somewhat static (and not very effective) lists  
come from a small percentage of network providers not managing  
prohibitions of bulk unsolicited messages.  On one hand, network  
provider's revenues depend upon traffic, any traffic.  On the other  
hand are support calls.  Effective black-hole operators only deal  
with network providers.  Network providers can stipulate which  
address ranges are placed on the black-hole operator's policy based  
lists.  When bulk unsolicited messages are detected from sources  
enabled by the network provider, the network provider is contacted  
first.  Deference is afforded when a network provider responds, where  
avoiding a listing is truly a shared interest.


Customers of network providers that do not to respond to reports, and  
that also have a high density of IP addresses emitting bulk  
unsolicited messages are unfortunately at risk.  When a customer  
becomes listed, the black-hole list operator will likely inform them  
they must contact their network provider, as the network provider  
must act on their behalf.  It is impossible to develop relationships  
with billions of network provider's customers, where those wishing to  
send bulk unsolicited messages are also often less than truthful.   
Short of making bulk unsolicited messages outright illegal or  
permitting complete mayhem, the tussle remains between black-hole  
list operators and network providers, an aggregate of receivers  
versus an aggregate of transmitters.


Network providers very much desire black-hole operators to  
automatically delist IP addresses when their customers complain to  
the black-hole operator.  Ongoing efforts in the ASRG voice this  
desire in a draft aimed at advising black-hole list operators.  This  
draft does not clarify how network providers are identified, or  
attempt to describe the network provider's role in controlling bulk  
unsolicited messaging.  Ignoring the role of the network provider may  
be extremely profitable for some, but is also likely to be highly  
detrimental for the Internet as a whole.


A better way to deal with this problem would be to impose stiff  
sanctions on network providers who fail to handle reports of bulk  
unsolicited messages.  This will mean they need to deal with  
fraudulent accounts or block infected computers.  Currently, the PITA  
created by black-hole lists create some financial incentive that  
restrains BUMs at their current, albeit high, levels.  Ignoring the  
role network providers play in controlling bulk unsolicited messages  
will likely allow this problem to grow much worse.


-Doug

 


___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf