[anti-abuse-wg] Re: Additional Layers for Economic Incentives to improve Internet Security
Joe St Sauver joe at oregon.uoregon.edu
Tue Dec 28 17:29:40 CET 2010
Hi, jorgen at hovland.cx commented: #> #An ASN does not represent a single legal entity #> #> Actually, at least some ASNs do represent single legal entities. For example, #> AS25 is the University of California at Berkley and AS4983 is Intel, just to #> mention a couple of many examples. # #Maybe or maybe not. You have probably no way of knowing that one day to #another unless you work for those companies. Routine daily life requires reliance on what some term "basic continuity assumptions", e.g., things that we take for granted because they've always been so. For example, assuming I pay my bills, drinking water will continue to come from my faucets, and not pilsner. I could spend a lot of time checking optimistically for (nearly) free beer, but based on historical consistency and other factors, there doesn't seem to be much point. :-; Similarly, I'm willing to make the "leap of faith" and assume that AS25 will continue to be Berkeley and AS4983 will continue to be Intel, etc. That may be more daring than running with scissors, but I'm comfortable taking the chance and I suspect most other folks are, too. #> #Spam in general cannot be defined #> #> Sure it can, and many folks offer definitions, including folks such as #> Spamhaus, see http://www.spamhaus.org/definition.html #> #> Other entities, such as MAAWG, prefer to opt out of the whole "what is #> and what isn't spam" debate, simply referring to "abusive mail" for #> things like their quarterly email metrics reports (see #> http://www.maawg.org/email_metrics_report ) # #Didn't you just show me that it in fact cannot be defined in general? :) No. What you may be noticing is that, unlike units of measurement in the metric system, where a single universal definition exists, squishier concepts (such as spam) may have multiple accepted definitions that exist at the same time. This is not uncommon in the human experience. Beauty, like spam, may mean different things to different people. However, even given regional or cultural differences, changes over time, or differing individual preferences, humans have a working "consensus understanding" of what most would perceive to be beautiful (or of what most would perceive to be spammy). #A site that does measure real mail volume is senderbase. Senderbase does indeed measure real email volume. Unfortunately, that's not the same as spam, although for many sites, spam may be 90% or more of that total volume, so it may be closely correlated for some sites that don't manage their outbound traffic. #> There's also the pragmatic reality that you may not be allowed to do #> the sustained volume of whois queries you'd need to do to map all observed #> IPs to encompassing netblocks, but you can easily map IPs to ASNs at the #> rate that's required. (Besides, trying to work at the per-netblock level #> is pretty unwieldy when it comes to things like maintaining abuse point #> of contact information, while ASN point of contact information is far more #> stable). # #Because something is easier doesn't mean it is better (the opposite also #applies). I'm just a pragmatic person, I suppose, happy for solutions that work (even if they may not be perfect). Like many people I'm also lazy. If a "good-enough" solution is also easy to use, I'm doubly delighted. #> #But we already have blocklists aggressively doing that with netblocks #> #(uceprotect, spamhaus etc). No serious mailprovider in my neighbourhood #> #use those blocklists to block mail or anything else. #> #> You must be in an unusual neighborhood since Spamhaus is generally #> considered to protect about 1.4 billion mailboxes worldwide according #> to http://www.spamhaus.org/organization/index.lasso # #Certain blocklists have lost their credibility because of their ways of #creating collateral damage instead of dealing with the real problem: Spam. #The number 1.4 billion becomes interesting when some people believe #there are only 1.3 billion mailboxes in the world. None of it is #probably true. # http://wiki.answers.com/Q/How_many_email_accounts_are_there_in_the_world I'm not sure that I'd put much stock in an estimate from an unnamed "research organization" (as is the case for the web page you suggested). As a baseline, I would note that MAAWG alone represents over 1 billion mailboxes (as reported by participating ISPs), although it draws largely from North American and European ISPs (some ISPs from other continents also participate, but not as many as I'd like to see). Just to provide one email account estimate from a *named* research organization, :-), the Radicati Group, Inc., estimates the number of email accounts worldwide at 2.9 billion in 2010 (see http://www.mmdnewswire.com/press-release-distribution-8142.html ). Based on that denominator, I could easily believe that Spamhaus really does have 1.4/2.9*100=48.2% market share. Regards, Joe Disclaimer: all opinions strictly my own.