Re: Why spam is a problem.


 



> At 12:16 -0400 02-08-14, Perry E. Metzger wrote:
> >I use a very large variety of techniques to block spam, and I'm
> >something like 95% successful. The 5% is starting to kill me, and
> >making things substantially more successful than that is likely not
> >possible without blocking lots of legitimate mail.

Is that really true?  I've no doubt it is true for Perry and everyone
else who has said it is, but I have evidence that does not entirely
support it for users overall.  I've spent a lot of time on the DCC
and spam in general since Spamford's days.  So I'd like everyone to
agree that spam is a big crisis and Do Something Now!  However, we
should be honest.

The Distributed Checksum Clearinghouses stop spews of spam seconds
after their total recipient counts exceed thresholds.  It does that by
having DCC servers accumulate total recipient counts for various checksums
of messages and send checksums and totals of bulk mail to their peers
in real time.  There are currently some private servers doing whatever
their owners want and more than 60 servers in a public network exchanging
checksum counts.  Several million mail messages are reported to servers
in that public network daily.  Some of those servers are used by DCC
clients at very small outfits.  Others serve clients at universities,
businesses, and Internet services providers.  Thus, each DCC server
has its own population of end users.  I think of those populations as
  (1) people who hate spam so so much that they've done things like
      install a DCC client or SpamAssassin,
  (2) university faculty and staff and government employees,
  (3) retail ISP customers.

Most of those DCC servers will tell anyone who asks several things.
Consider the following portion from such a report:

   347742 reports  913>10      902>100    902>1000   902 many
        answers 146004>10    104296>100  82697>1000 69954 many  ...
   
                     ... Aug 15 11:29:59.897950 PDT and 06:42:58

It says that server received 347,742 report/queries from clients in a
33 hour period.  913 of those reports involved messages with more than
10 recipients, and 902 were reports of mail that hit spam traps and were
reported by DCC clients as having "many" or millions of recipients.  Each
of those reports was answered by that DCC server with the totals for
each checksum of the message.  146,004 or 41% of those reports involved
at least one answer of a total recipient count greater than 10, 104,296
or 29% had a total greater than 100, and so forth.

I figure any mail message with more than 10 recipients is "bulk."
Since solicited bulk mail is white-listed at DCC clients and not
reported to DCC servers, those "answers...>10" are a good measure of
the spam seen by the users of DCC clients of a DCC server.

What I have noticed is that people who really hate spam
have been receiving about 30% spam all year.  That value
fluctuates to nearly 20% and 40%, but it has not increased much in the
last 6 months.  I have not paid much attention to the other two
categories, because the DCC servers I control don't cater to those
users.  The users at some U.S. ISPs seem to be receiving 70 to 80%
spam, while others see only 40%.  Some government employees are seeing
only 25%.  The only general rules I see are that
  - people who are less unlikely to report spam (my category (1) and
     customers of a somewhat atypical ISP) get less of it.  (It is well
     known that some spammers filter "Internet flamers" from their
     lists and others "list wash.")
  - people at government agencies get the least spam, people in the
     computer business get somewhat more, Europeans still more, and U.S.
     retail customers are being hammered.

That 70-80% of the mail received by retail users is spam is awesome, and
may be why the mass media is finally taking note.

But is spam doubling every year?  I can't say that it is.  I also can't
say it isn't.  Yes, I saw reports of Brightmail's press release as well
as other media reports.  It is wise to discount such statements just as
much as reports about any single mailbox, including your own.  Our
individual spam loads are merely anecdotes, and outfits such as Cloudmark
and Brightmail need spam to increase so they can stay in business.


Vernon Schryver    vjs@rhyolite.com
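
The mechanism described in the message above, as a toy model added to this archive page for illustration; it is not DCC code and not the poster's. Assumptions: a single exact SHA-256 body checksum stands in for DCC's several checksums, and `Clearinghouse`, `body_checksum`, `BULK` and `MANY` are hypothetical names with constructed values.

```python
import hashlib

BULK = 10        # the message's rule of thumb: more than 10 recipients is bulk
MANY = 1 << 24   # constructed stand-in for the "many" count sent by spam traps

def body_checksum(body):
    # Assumption: exact SHA-256 of case- and whitespace-normalized text.
    return hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()

class Clearinghouse:
    def __init__(self):
        self.local = {}     # checksum -> recipients reported by own clients
        self.remote = {}    # checksum -> recipients learned from peers
        self.flooded = {}   # checksum -> local count already sent to peers
        self.peers = []
        self.reports = 0
        self.bulk_answers = 0   # the "answers ... >10" counter

    def total(self, ck):
        return min(MANY, self.local.get(ck, 0) + self.remote.get(ck, 0))

    def report(self, body, recipients, whitelisted=False):
        """Handle one client report/query and answer with the running total."""
        if whitelisted:     # solicited bulk mail is never reported
            return 0
        ck = body_checksum(body)
        self.local[ck] = min(MANY, self.local.get(ck, 0) + recipients)
        self.reports += 1
        total = self.total(ck)
        if total > BULK:
            self.bulk_answers += 1
            delta = self.local[ck] - self.flooded.get(ck, 0)
            self.flooded[ck] = self.local[ck]
            for peer in self.peers:     # only bulk checksums are flooded
                peer.remote[ck] = min(MANY, peer.remote.get(ck, 0) + delta)
        return total

    def bulk_fraction(self):
        """Share of reports answered with a total above BULK."""
        return self.bulk_answers / self.reports if self.reports else 0.0

if __name__ == "__main__":
    a, b = Clearinghouse(), Clearinghouse()
    a.peers, b.peers = [b], [a]
    for _ in range(3):                      # constructed sample traffic
        print(a.report("Buy   NOW cheap pills", 4))
    print(b.report("buy now cheap pills", 1), a.bulk_fraction())
```

A client of the second server sees the bulk total as soon as the first server's count crosses the threshold, which is the peer exchange the message describes.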

