[clug] spamsum usage in the real world

Kim Holburn kim at holburn.net
Wed Nov 15 03:30:22 GMT 2006


If you think greylisting is good (and it is at the moment) then it  
won't last long.

The Spammers Strike Back
http://www.eweek.com/article2/0,1895,2051949,00.asp

> Opinion: The recent surge in spam volume is due to the  
> assertiveness of botnets and an increase in the sophistication of  
> their spamming efforts.
>
> Everybody's seen it by now. Spam is up like gangbusters in the last  
> few months. And not just in volume; a lot more of it is getting  
> through filtering mechanisms that had previously been pretty  
> reliable. It's an aggravating and depressing situation.
>
> A number of factors have contributed to the situation, and what  
> they all have in common, unfortunately, is that spammers are  
> getting much more sophisticated.
>
> Botnets have gotten so sophisticated that they're almost impossible  
> to shut down. This surge of spam is, perhaps, a show of strength,  
> as well as the botmasters exercising the fruits of their efforts  
> developing an underground network.
>
> How big is the surge? Postini, the largest hosted secure e-mail  
> provider out there, handling over 1 billion messages a day, ought  
> to know, and know in real time. The company says spam volume is up  
> 120 percent over the last year, but 59 percent in the last two  
> months. That's in line with numbers I've heard bandied about  
> elsewhere, and it's a huge rate of increase.
>
> Another factor is what security vendor Borderware calls
> "anti-anti-spam spam," meaning spam that attempts to defeat anti-spam
> measures. Spammers have learned all sorts of tricks.
>
> For instance, if a recipient rejects the message, they are  
> attempting to resend the message like a real mail server will.  
> Spammers historically have had naive mail transfer programs that  
> send a message and then move on, ignoring any errors.
>
> Many anti-spam systems rely on this characteristic to employ a  
> technique called graylisting. They reject the message once from any  
> sender they do not recognize and accept it on resubmission,  
> whitelisting the sender at the same time. This all assumes that a  
> spammer won't retransmit. Graylisting seems headed for the ash heap  
> of anti-spam history.

http://www.eweek.com/article2/0,1895,2051950,00.asp

On 2006/Nov/15, at 1:51 PM, Cody W. Appleby wrote:

>
> Only problem with this is that customers expect email to be delivered in
> around 30 seconds,
> Greylisting drags this out to around 10-15 mins at most, I implemented
> greylisting and the amount of phone calls and emails I got abusing me for it
> because their email is taking slightly longer than usual outweighs the
> benefits.
>
> It did however cut Bandwidth and Spam numbers about 65%!!
>
> Cheers,
> Cody.
>
> On Wed, 15 Nov 2006 13:04:20 +1100, tmc at vandradlabs.com.au (Tomasz  
> Ciolek) wrote:
>> ahem...
>>
>> on filtering, I have found greylisting to work quite well. sometimes
>> you get oddities with mis-configured systems, but other than that my
>> spam load dropped off by 90% or so...
>>
>> Tomasz
>>
>> On Wed, Nov 15, 2006 at 10:30:43AM +1100, Michael James wrote:
>>> On Tuesday 14 November 2006 6:52 pm, Nemo wrote:
>>>
>>>> Currently we're just running spamassassin (via spamd/spamc) over all
>>>> messages (many customers, we don't want to teach them how to train
>>>> a bayesian filter), but this is a chunky performance hit.
>>>
>>> If you have enough customers using IMAP
>>>  could they be educated to use this?
>>>
>>> Each user gets a SPAM folder for the auto-detected SPAM.
>>> You ask them to dump any missed spam in there too,
>>>  and to remove any false positives.
>>>
>>> A cron job runs spamassassin or dspam in learning mode,
>>>  assuming all read messages in the spam folder are actually spam.
>>> Search the other mail folders for the
>>>  spamassassin over-threshold header,
>>>  and learn it as ham.
>>>
>>> michaelj
>>>
>>> --
>>> There is no perl one line hack
>>>  that a page of java won't do more elegantly.
>>> --
>>> linux mailing list
>>> linux at lists.samba.org
>>> https://lists.samba.org/mailman/listinfo/linux
>>
>> --
>> Tomasz M. Ciolek
>> *******************************************************************************
>>  tmc at vandradlabs dot com dot au
>> *******************************************************************************
>>    GPG Key ID:		0x41C4C2F0
>>    GPG Key Fingerprint: 3883 B308 8256 2246 D3ED  A1FF 3A1D 0EAD 41C4 C2F0
>>    Key available on good key-servers
>> *******************************************************************************

--
Kim Holburn
IT Network & Security Consultant
Ph: +61 2 61258620 M: +61 417820641  F: +61 2 6230 6121
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.
Use ISO 8601 dates [YYYY-MM-DD] http://www.saqqara.demon.co.uk/datefmt.htm

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961
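
[Added example, not part of the original message or of any poster's setup.] The greylisting behaviour discussed in this thread, as a small policy model: an unknown (client network, sender, recipient) triplet is deferred with a 451, and accepted and whitelisted once it is retried after a minimum delay. The class name, the timing constants, the /24 keying and the sample addresses are assumptions chosen for illustration.

```python
import ipaddress

MIN_DELAY = 300           # assumed: seconds before a retry is accepted
RETRY_WINDOW = 4 * 3600   # assumed: a pending entry expires after this long
PASS_TTL = 36 * 86400     # assumed: whitelist entries age out when unused


class Greylist:
    def __init__(self):
        self.pending = {}  # triplet -> time first seen
        self.passed = {}   # triplet -> time last seen (auto-whitelist)

    @staticmethod
    def triplet(client_ip, mail_from, rcpt_to):
        # Key on the /24 so a retry from a sibling relay in a pool still matches.
        net = ipaddress.ip_network(f"{client_ip}/24", strict=False)
        return (str(net.network_address), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return (smtp_code, reason) for one delivery attempt at time `now`."""
        key = self.triplet(client_ip, mail_from, rcpt_to)
        last = self.passed.get(key)
        if last is not None and now - last <= PASS_TTL:
            self.passed[key] = now
            return (250, "whitelisted")
        first = self.pending.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.pending[key] = now          # new, or the old entry expired
            return (451, "first seen")
        if now - first < MIN_DELAY:
            return (451, "retry too soon")
        del self.pending[key]
        self.passed[key] = now
        return (250, "retried")


def delivery_delay(attempt_times,
                   sender=("192.0.2.10", "a@example.org", "u@example.net")):
    """Seconds until the first accepted attempt, or None if never accepted."""
    g = Greylist()
    for t in attempt_times:
        if g.check(*sender, now=t)[0] == 250:
            return t
    return None


if __name__ == "__main__":
    # Constructed schedules: one attempt only, and a queue-and-retry sender.
    print(delivery_delay([0]), delivery_delay([0, 60, 900]))
```

The model separates senders only by whether they retry: any sender that queues and retries is accepted after the delay, and legitimate first-contact mail waits until its first retry past MIN_DELAY.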




