[anti-abuse-wg] Re: Additional Layers for Economic Incentives to improve Internet Security
- Previous message (by thread): [anti-abuse-wg] Re: Additional Layers for Economic Incentives to improve Internet Security
- Next message (by thread): [anti-abuse-wg] Re: Additional Layers for Economic Incentives to improve Internet Security
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jørgen Hovland
jorgen at hovland.cx
Tue Dec 28 10:06:29 CET 2010
Hello, On 27/12/2010 19:09, Joe St Sauver wrote: > jorgen at hovland.cx commented: > > #So a quick summary: > #An ASN does not represent a single legal entity > > Actually, at least some ASNs do represent single legal entities. For example, > AS25 is the University of California at Berkley and AS4983 is Intel, just to > mention a couple of many examples. > Maybe or maybe not. You have probably no way of knowing that one day to another unless you work for those companies. > #Spam in general cannot be defined > > Sure it can, and many folks offer definitions, including folks such as > Spamhaus, see http://www.spamhaus.org/definition.html > > Other entities, such as MAAWG, prefer to opt out of the whole "what is > and what isn't spam" debate, simply referring to "abusive mail" for > things like their quarterly email metrics reports (see > http://www.maawg.org/email_metrics_report ) > > Didn't you just show me that it in fact cannot be defined in general? :) > #It's not ranking the spam volume > > People can (and do) track spam volume by IP, by the netblock encompassing > a spamming IP, by in-addr domain, and yes, by ASN. > > There are several ways to attempt to measure spam. The method used on that website is however bad, but I guess Quarterman was just making a point. A site that does measure real mail volume is senderbase. > There's also the pragmatic reality that you may not be allowed to do > the sustained volume of whois queries you'd need to do to map all observed > IPs to encompassing netblocks, but you can easily map IPs to ASNs at the > rate that's required. (Besides, trying to work at the per-netblock level > is pretty unwieldy when it comes to things like maintaining abuse point > of contact information, while ASN point of contact information is far more > stable). > Because something is easier doesn't mean it is better (the opposite also applies). > #Yes, I am really concerned that people might decide to blacklist ASNs > #due to spam. It doesn't make any sense in almost all cases. > > I'd have to disagree with your assertion that "it doesn't make sense > in almost all cases." > > There are some ASNs that may be routing only a small amount of space, > and which seem to have an extremely strong correlation with badness. > I believe you are saying the same thing as I. > #But we already have blocklists aggressively doing that with netblocks > #(uceprotect, spamhaus etc). No serious mailprovider in my neighbourhood > #use those blocklists to block mail or anything else. > > You must be in an unusual neighborhood since Spamhaus is generally > considered to protect about 1.4 billion mailboxes worldwide according > to http://www.spamhaus.org/organization/index.lasso > > Certain blocklists have lost their credibility because of their ways of creating collateral damage instead of dealing with the real problem: Spam. The number 1.4 billion becomes interesting when some people believe there are only 1.3 billion mailboxes in the world. None of it is probably true. http://wiki.answers.com/Q/How_many_email_accounts_are_there_in_the_world Blocking entire ASNs is quite feasibly when you are incapable of filtering spam. Cheers,
- Previous message (by thread): [anti-abuse-wg] Re: Additional Layers for Economic Incentives to improve Internet Security
- Next message (by thread): [anti-abuse-wg] Re: Additional Layers for Economic Incentives to improve Internet Security
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]