From razor-users-admin@lists.sourceforge.net  Tue Aug 13 10:21:58 2002
Return-Path: <razor-users-admin@example.sourceforge.net>
Delivered-To: yyyy@localhost.netnoteinc.com
Received: from localhost (localhost [127.0.0.1])
	by phobos.labs.netnoteinc.com (Postfix) with ESMTP id 7077743C45
	for <jm@localhost>; Tue, 13 Aug 2002 05:19:02 -0400 (EDT)
Received: from phobos [127.0.0.1]
	by localhost with IMAP (fetchmail-5.9.0)
	for jm@localhost (single-drop); Tue, 13 Aug 2002 10:19:02 +0100 (IST)
Received: from usw-sf-list2.sourceforge.net (usw-sf-fw2.sourceforge.net
    [216.136.171.252]) by dogma.slashnull.org (8.11.6/8.11.6) with ESMTP id
    g7CMoVb04895 for <jm-razor@jmason.org>; Mon, 12 Aug 2002 23:50:31 +0100
Received: from usw-sf-list1-b.sourceforge.net ([10.3.1.13]
    helo=usw-sf-list1.sourceforge.net) by usw-sf-list2.sourceforge.net with
    esmtp (Exim 3.31-VA-mm2 #1 (Debian)) id 17eNs5-0004d0-00; Mon,
    12 Aug 2002 15:41:09 -0700
Received: from main.gmane.org ([80.91.224.249]) by
    usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian)) id
    17eNrc-0006lN-00 for <razor-users@lists.sourceforge.net>; Mon,
    12 Aug 2002 15:40:40 -0700
Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian))
    id 17eNqc-000157-00 for <razor-users@lists.sourceforge.net>;
    Tue, 13 Aug 2002 00:39:38 +0200
To: razor-users@example.sourceforge.net
X-Injected-Via-Gmane: http://gmane.org/
Received: from news by main.gmane.org with local (Exim 3.35 #1 (Debian))
    id 17eNqb-00014t-00 for <gmane-mail-spam-razor-user@m.gmane.org>;
    Tue, 13 Aug 2002 00:39:37 +0200
Path: not-for-mail
From: Jehan Bing <jehan@bravobrava.com>
Newsgroups: gmane.mail.spam.razor.user
Message-Id: <aj9df9$41h$1@main.gmane.org>
References: <aj8tcp$hvh$1@main.gmane.org>
    <54059D4C-AE39-11D6-A15F-00039396ECF2@deersoft.com>
NNTP-Posting-Host: adsl-64-168-83-170.dsl.snfc21.pacbell.net
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: main.gmane.org 1029191977 4145 64.168.83.170 (12 Aug 2002
    22:39:37 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Mon, 12 Aug 2002 22:39:37 +0000 (UTC)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1b)
    Gecko/20020802
X-Accept-Language: en-us, en
Subject: [Razor-users] Re: What's wrong with the Razor servers now?
Sender: razor-users-admin@example.sourceforge.net
Errors-To: razor-users-admin@example.sourceforge.net
X-Beenthere: razor-users@example.sourceforge.net
X-Mailman-Version: 2.0.9-sf.net
Precedence: bulk
List-Help: <mailto:razor-users-request@example.sourceforge.net?subject=help>
List-Post: <mailto:razor-users@example.sourceforge.net>
List-Subscribe: <https://example.sourceforge.net/lists/listinfo/razor-users>,
    <mailto:razor-users-request@lists.sourceforge.net?subject=subscribe>
List-Id: <razor-users.example.sourceforge.net>
List-Unsubscribe: <https://example.sourceforge.net/lists/listinfo/razor-users>,
    <mailto:razor-users-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=razor-users>
X-Original-Date: Mon, 12 Aug 2002 15:40:32 -0700
Date: Mon, 12 Aug 2002 15:40:32 -0700

Craig R.Hughes wrote:
> I was thinking you could easily create a spamtrap which you subscribe to 
> lots of legitimate nonspam mailing lists, plus you also spread the email 
> address around and get it in the hands of lots of spammers so it ends up 
> receiving large quantities of both spam and nonspam, then you have it 
> apply the algorithm above to the incoming mail stream.  So it could be 
> thousands of actual real, different, emails per day.  The "very high 
> rate triggers alarms" thing is certainly something which would be 
> possible to check for, but there may be legitimate ways to exhibit this 
> behavior -- can't think of one right now but "AOL proxy server" springs 
> to mind as an example from another domain.

If there is a maximum trust value (if trust is some sort of percentage
for instance), and if it isn't impossible to reach it, that would 
prevent too few people to get too much of an avantage. My guess is if 1% 
of razor users can reach this limit (or be near enough), spammers won't 
be able to cheat just by building up their trust, they would need a fair 
amount of fake users too.

Now, for the "fair amount of fake users", spammers don't have access to 
many set of network classes. So they would need a bunch of users coming 
from the same set of ips. If the razor servers see 100 people on a class 
C network (253 ips) reporting 10000 emails a day, something wrong is 
going on. This could also trigger alarms.

As for legitimate proxies and the like, 1) a proxy should not report any
thing (spam should be reported by hand, not automatically), 2) there may 
be a way to have exception (IBM networks would have lots of users from 
the same set of ips but no likely spammers, so no alarm would trigger 
for their network, or better the alarm would be less sensitive). AOL 
could still give trouble though but even then, for one particular phone 
line/cable, the set of ip is probably quite small even less than a class 
C (using network subclassing). The spammers could still try to have 
several connections at different locations, but that increases their 
cost and so is not so much interesting.

	Jehan





-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Razor-users mailing list
Razor-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/razor-users


