[51918] in North American Network Operators' Group
Re: How do you stop outgoing spam?
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Sep 10 12:41:34 2002
To: Joe St Sauver <JOE@OREGON.UOREGON.EDU>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Tue, 10 Sep 2002 09:12:15 PDT."
<01KMBW2WGJ468WW2WL@OREGON.UOREGON.EDU>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 10 Sep 2002 12:41:08 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_-856719492P
Content-Type: text/plain; charset=us-ascii
On Tue, 10 Sep 2002 09:12:15 PDT, Joe St Sauver said:
> Actually, our experience *does* follow the backoff paradigm: if you block a
> particular source of spam, that rejection *does* seem to trigger "message
> volume" backoff at the source, with only periodic check probes apparently
> designed to see if the spam source is really still blocked (and of course
> it really still is).
Yes - but since they need to have N replies to their spam to make it worth
the effort, they will just pound on somebody ELSE. I saw one quote from
a very unapologetic spammer who was complaining that with all these blocks
he had to send a lot more spam and his costs were up 1000% as a result.
Let's say a spammer needs 100 replies to turn a profit, and 1% of the things
that make it into a mailbox get a reply. If nobody blocks spam, then the
spammer only needs to send 10K messages before he profits. If 99% of spam
is blocked, he has to send a million. That's why we're seeing statistics
like "receives 2 billion pieces of mail a day and 80% is spam".
Think of it like a host with multiple A records - if one A goes down, they
*do* stop trying that one, but they then fail to use backoff on the OTHER
addresses.... ;)
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
--==_Exmh_-856719492P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE9fiCkcC3lWbTT17ARAlpdAKC3TG7OGKjJTnbcPRQZh3QtmEuKRQCgsJ19
cSDKwTnpfpcRYqh/HpaaX2g=
=CyRL
-----END PGP SIGNATURE-----
--==_Exmh_-856719492P--
