Re: [ietf-smtp] Levels of proposals

Chris Lewis <ietf@mustelids.ca> Wed, 16 December 2015 23:58 UTC

To: ietf-smtp@ietf.org
From: Chris Lewis <ietf@mustelids.ca>
Message-ID: <5671FA86.6040903@mustelids.ca>
Date: Wed, 16 Dec 2015 18:57:58 -0500
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf-smtp/erkz5ffFny4BqQ9tCCLxlGyh5FE>

On 12/16/2015 12:40 PM, Ted Lemon wrote:
> Wednesday, Dec 16, 2015 7:17 AM Rich Kulawiec wrote:

Compared their inboxes in terms of MAGY.

Every inbox and every receiving infrastructure is different in terms of 
spamload.

Comparing individual mailboxes is an exercise in futility.

Even I, who have 150 million spams per day across dozens of spamtraps 
representing 10s of thousands of domains won't generalize to this 
extent.  Because they're all different.

I do a daily tuning run on these traps.  The daily tuning run is to find 
out which spams evaded the "SMTP client delivering to me is infected 
with <botname X>" heuristics so I can tune them.  It does not trigger on 
real MTAs for obvious reasons (including MAGY's).

The "SMTP client delivering to me is infected" catches, right now, 
better than 95% of all inbound.  So I'm only looking at 5% of the flood.
Of that 5%, at most about 20% is MAGY.  Usually <10%.

So at least on one trap cluster (~35M/day) MAGY isn't a big deal.  At 
most about 1-2% of the total flow.  Does that generalize everywhere? 
No.  But I think it's a better measure than _one_ mailbox.

In the meantime, my personal account is unfiltered, similarly "for 
science".  More than 50% of all spam that I receive in total is spamming 
"ietf@mustelids.ca" - an account that was created JUST for being on this 
mailing list less than a month ago.

IOW: the IETF is responsible for greater than half of my spam.

[Back in the days when I ran the spam filters for a large corporate,
every user who received more spam than I (~200/day) was a frequent flier
on IETF mailing lists.  Including the poor sod getting 1600/day.  IETF
mailing lists considered harmful.]