I totally agree with everything Len said here except for the DDoS solution. The US Government needs to force these ISP companies to do something instead of us trying to do it ourselves via DDoS. The cost of stopping it at the ISP level would be much less than what we all have invested total. All the ISP really needs to do is look for forged headers. More would be good, but that would stop a high percentage of what we have the hardest time stopping.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Len Conrad Sent: Tuesday, December 07, 2004 10:18 AM To: [EMAIL PROTECTED] Subject: RE: Re[2]: [IMail Forum] Lycos goes limp >I believe your analysis hit the nail on the head. I did hear statistics on >spamming that show 15 responses for every million messages sent. As the >anti-spamming technologies get better and better the ROI for spammers will >run most of them out of business. The real question is how to educate the 15 >fools who responded to the spammers. Rejecting spam at our target MXs is a whack-a-mole tactic that most of us of us have been forced to live with, and are doing mostly doing pretty well with it. But spam is 80% of all SMTP traffic at many sites, and continues to rise inexorably. Note that "% spam" is an asymptotic behavior. If you think spam is increasing linearly as we go for 50, 60, 70, 80%, your're mistaken. As the % spam increase, each 1% increase requires more absolute spam than the previous 1% for a static volume of legit SMTP. But legit SMTP msg volume is also increasing, so spam is increasing asymptotically faster than legit mail. Insanity. Preventing SPAM at the source, not the target, is an objective to alleviate this insanity. One enormous source is subscriber networks. I've seen mentions that 30% of spam is from compromised PCs. ie, large corporations, continue to subsidize SPAM by permitting spammers to steal their bandwidth and send SPAM from those networks. Immeidiately stopped by blocking port 25. They haven't done it and you can assume they won't. Shutting down spamvertizers/phishers/spyware websites (how they receive do their $) totally destroys their revenues, making their continued spamming extremely expensive. When SPAM doesn't pay, the SPAM will stop. The tiny bandwidth of DDoS translates into less bandwidth lost to spamvertizers. (Anoher DDos would be on the DNS servers hosting spammer's domain names.) btw, as more and more of you are finding out, accepting 100% of all SMTP inbound so you can decide whether it is spam, and quarantine it, is less and less sensible and economic as SPAM continues to hit 80+% levels at many sites. You can accept that situation for small volumes, but not for long. And it's not you who decides the volumes, proportional to your number of mail accounts, it's the spammers. Len _____________________________________________________________________ http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
