Email Servers Will Choke, Says Spamhaus

Rub3X writes, "The legal battle between antispam organization Spamhaus and e360 Insight is heating up. Spamhaus has a user base of around 650 million, and its lists block some fifty billion spam emails per day, according to the project's CEO Steve Linford. Spamhaus CIO Richard Cox says the immediate issue is that if the domain is suspended, the torrent of bulk mail hitting the world's mail servers would cause many of them to fail. More than 90% of of all email is now spam, Cox says, and he doubts that servers worldwide would be able to handle a ten-fold increase in traffic." Others estimate Spamhaus's blocking efficacy as closer to 75%; by this metric spam would increase four-fold, not ten-fold, if Spamhaus went unavailable. The article paraphrases CIO Cox as saying that the service will continue "even if there is a short-term degradation."

I say let the spam come

[pembo13]

It would be interesting if all email server admins suddenly opened the flood gates for a day or two. Maybe then the general population will gain a better appreciate of the scale of the matter.

I still think they 3360 guys just look and smell like spammers. That spamhaus aggrees just adds to this conclusion. Here's what seems to amount to the spam histroy of the "plantiff".

Re:I say let the spam come

[misleb]

It would be interesting if all email server admins suddenly opened the flood gates for a day or two. Maybe then the general population will gain a better appreciate of the scale of the matter.

I think most internet users still remember what it was like before spam filtering became common. Wait a few more years. Then users will take the filtering for granted.

-matthew

Re:I say let the spam come

[jemenake]

It would be interesting if all email server admins suddenly opened the flood gates for a day or two. Maybe then the general population will gain a better appreciate of the scale of the matter.

Which is why I'm surprised Spamhaus doesn't just "simulate" what life would be like without them... before we're without them. Dispense with the predictions of how much spam will increase and what fate will befall the servers. Just shut off your service for a bit and wait for everyone to offer you their firstborn. Enron did it with California's electricity and it worked like a charm.

Re:I say let the spam come

[TapeCutter]

"I think Spamhaus is trolling after making an ass out of itself in court."

Ummmm, they didn't go to court and they have not accepted anything, Spamhaus are demonstrating their view that the court does not have jurisdiction, Spamhaus seem to have a clue what they are talking about but the judge isn't listening since they refused to recognise the court by showing up. And if push really did come to shove then Spamhaus would probably just "reboot the company" in a different country.

I've been in front of a few judges in my time and IMHO many of them are the most arrogant people you could possibly imagine. I know very little about the US court system but I am guessing a district judge is not very high up the judicial foodchain and would have a hard time shutting down the internet no matter how hard he bangs his gabble. Meanwhile the rest of the planet will treat an unenforcable court order from this judge about as seriously as they would a court order from the judge in this case.

Re:I say let the spam come

[.Chndru]

ICANN says no, http://www.icann.org/announcements/announcement-10 oct06.htm

Re:I say let the spam come

[ray-auch]

Actually, the problem (if you read the lawyers who've written on this) is that originally they _did_ go to court.

IIRC they asked the original (state, district ?) court to move the case to federal.

_Then_ they didn't turn up at the federal court because they _then_ decided they didn't accept its jurisdiction.

Re:I say let the spam come

[cortana]

You're leaving out the part where their solicitors requested the venue change without instructions. AFAIK Spamhaus dismissed them and are taking them to court for creating this whole fucking mess in the first place.

Re:I say let the spam come

[Jekler]

Most users probably don't remember the rate of spam before filtering was common for a number of reasons:

1. The rise in internet usage since the year 2000 indicates, at best, only 1/3rd of the internet population could remember the rate of spam before filtering was common.
2. The rise of email usage indicates a large population of the people who were connected pre-filtering weren't using email.
3. The current volume of spam per person is at least triple what it was pre-filtering.

Most of us who were using the internet before spam filtering became so common have not seen what today's volume of spam would look like unfiltered. Assuming spam per person has tripled, anyone who was getting 20 spam per day pre-filtering would be looking at 60 spam per day now.

It would be a much deserved wake up call if spam filter companies were to shut down operations for a few days. It's obvious that the bodies overseeing this case think of Spamhaus as little more than a novelty. I think Spamhaus needs to send a crystal clear message, and perhaps the most effective way to do that would be to show the world how green the other side of the fence really is.

Re:I say let the spam come

[dheltzel]

I'm surprised Spamhaus doesn't just "simulate" what life would be like without them

It's easy to explain why they don't do this. They know that only clueless email admins rely only on an RBL for Spam control. Only the "Spamhaus faithful" would get clobbered with the extra Spam and they would have to switch to a different method or lose their jobs. This would be a sure way to kill off your customer base by proving empiracally why a single point of failure in Spam detection is a bad idea.

I've seen as much bad behavior from the RBL maintainers as I have from the spammers, so I only use an RBL as a final check to hold email that is on an RBL but otherwise passes through the filter. The (very few) held emails are almost always legitimate. The only reason I even bother to hold them is to keep an eye on what's going on and kill the final few Spam emails. The system I use for my employer has an almost perfect rate of rejection. Most of our users get fewer than 10 Spam messages a year! I get a lot of questions from co-workers about how to deal with Spam in their personal accounts because we do such a great job of dealing with it in their work accounts.

I know the Spamhous fanboys will take offense at this post. My only comment is that you are free to use an RBL as your only Spam control if you wish, just as I am free to use what I consider to be better methods. Good luck to you if Spamhous ever goes dark for any reason -- you're gonna need it.

Re:I say let the spam come

[jcr]

So, who has standing to file a complaint against this spammer?

He lied on the jurisdiction issue, and if that takes Spamhaus off the network, then millions of us suffer economic damage from the result of his perjury.

Anyone in Illinois want to register a class action against the son of a bitch?

-jcr

Re:I say let the spam come

[arivanov]

I have.

Here is the result:

Spamhaus gives only further sub-5% improvement on top of greylisting with a positive feedback loop at delivery/user report level. With relay level content filtering feeding into the feedback loop that will be down to under 3%. Greylisting on its own does 90%+.

The CPU cost of greylisting is not that much higher compared to DNS blacklists (and on a large site you can dynamically gate greylists into a local DNS greylist zone for distribution). In fact it is less if you form temporary firewall reject lists from your greylisting database.

So the answer is: technically Spamhaus is full of shit and the floodgates will not open. On most well managed sites it will be just another day. A bit more SPAM, but not a lot. At most it will make admins tune feedback loops into grey/black lists a bit better.

Move along people, nothing to see here. Spamhaus should stop dragging the rest of the internet into the stupid internet governance battle which is not for them to fight in the first place. I already commented on their position on this issue in past Slashdot posts on it.

Spamhaus should stop talking BS and move their operations to the same domain as their legal country of residence.

Re:I say let the spam come

[williambbertram]

Of course they are spammers. If tiny gray guys in overcoats, fake moustaches, and dark sunglasses ask permission (in a squeaky voice) to shut down the mouse trap factory, what do you think is going on?

Re:I say let the spam come

[DoomfrogBW]

RTFA

I think you are terribly mistaken. Spamhaus screwed up. They could of ignored or sent an attorney as special counsel to the case without acknowledging the jurisdiction of the Illinois court. Because they asked it to be moved to Federal, they pretty much acknowledged that the judge now has jurisdiction over the case. Then, because they don't like the judgement, they go ahead and try and ignore it. Instead of not showing up, Spamhaus could of done a better job in front of jury. Because they didn't, the judge didn't have much choice as the plaintiffs win by default.

Re:I say let the spam come

[suv4x4]

Ummmm, they didn't go to court and they have not accepted anything, Spamhaus are demonstrating their view that the court does not have jurisdiction, Spamhaus seem to have a clue what they are talking about but the judge isn't listening since they refused to recognise the court by showing up. And if push really did come to shove then Spamhaus would probably just "reboot the company" in a different country.

I hope it's like you say, because in the media it came more like this:

Spammer: I'll sue you!

Spamhaus: Sue me!

Spammer: I sue you and I sued you! Your domain is goin' away!

Spamhaus: Oh no we give up, omg world prepare for e-mailmageddon! Fair well, fair well!

ICANN: We can't take your domain, Spamhaus.

Spamhaus: Oh what tragedy is before us, pitty us and you and... ICANN, you can't? Hmmm (damn it)

Spammer: I continue suing you and will win anyway!

Spamhaus: Oh no, world see how unfair the world is prepare for spamornado, spamunami, we're all doomed! Oh I pitty my sad fate! Oooh... Noo! Oh oh...

Random Observer: Dude stop making ass of yourself, you need neither the domain, neither you're the only solution for filtering spam out there. Take it like a man and maybe start respecting the court.

Spamhaus: Shut up observer, you're interrupting my dramatic routine.

Re:I say let the spam come

I hate spam just like the next guy, but when you make a profitable business from spam fighting, you need at least some clue about how the legal system works.

"The" legal system? You make it sound like you think there's only one. Here's a clue: the US legal system is just one of many legal systems in the world. Spamhaus is based in the UK, where we have a somewhat different legal system. It is not reasonable to expect people based outside the USA to know (or care) how the US legal system works.

Re:I say let the spam come

[CastrTroy]

But at least with Yahoo, it ends up in the spam box. Hotmail puts it in your inbox. Unless you turn on the option to only receive mail from your contacts (Whitelists are stupid) then just about everything ends up in your inbox with Hotmail. I have accounts for both, and as of now, I have 927 spam messages in my spam box from yahoo. With hotmail I have I have 2700 message in my inbox, 14 of which are from my contacts; I have 12 messages in my junk mail box. So, hotmail is terrible at blocking spam, while Yahoo, at least puts it in a separate box for you, so it doesn't clutter up your inbox.

Re:I say let the spam come

[grub]

Most of us who were using the internet before spam filtering became so common have not seen what today's volume of spam would look like unfiltered.

So much of it happens server side the end users would have no idea as to the amount. My home mail server which handles a handful of users gives me these stats. and this is just for the 8.5 hours of "Today":

(spamhaus) Listed at Spamhaus: 655
(sorbs.net) Listed at dnsbl.sorbs.net: 146

So that's just over 800 pieces of crap for today (so far) Those are server-side filters, not client side.

Re:I say let the spam come

[rgriff59]

I remember an old adage that said "Turn About is Fair Play."

As much as I'd like to suggest tar and feathers as a fitting punishment for e360, I believe that is generally frowned on these days, so I doubt it would work. However, I doubt that a class action would really amount to much more than some attorney chest thumping of motion, counter motion. Perhaps a different tact is needed?

Maybe we could take a lesson from the spammer. They cause lots of small problems that add up to a huge drain, and maybe they get really lucky, and make a score. Adopt the same strategy. Consider a coordinated, but arguable separate, set of law suits in multiple jurisdictions against e360insight for the damage they cause. No class actions, as that would give one single point to defend. For this to have the desired effect, it must drain the resources in many small pieces. Imagine if, say for example, on March 16, 2007, there were 50,000 independent suits filed across the country by the victims of the e360 spam. Each one could be for a small amount of damages. The important point is make them all independent, and resist a class designation. Imagine the burden of defending these. Imagine the default judgements if any got lost in the shuffle. Imagine the statement that would make to those who abuse not only the email systems, but our courts as well...

Re:I say let the spam come

[mrball_cb]

Spamhaus gives only further sub 5% improvement on top of greylisting

You assume that your customers won't leave en masse because "my sister just sent an email and it didn't get here 30 seconds later". When you tell them that cannot be changed, they will leave and go to someone who accepts and delivers email instantly. It doesn't matter that it is in their best interests, they will still leave. We can't do greylisting for that exact reason.

Here's what kind of stats SpamHaus does for us:
    Blocked from SpamHaus (hijacked cable/dsl modem): 160039
    Blocked from SpamCop RBL: 7869
    Blocked from internal RBL: 1145

So before even seeing content, we blocked 169053 connection attempts, and there could have been multiple emails on each connection. After all that being blocked, we still accepted 55K emails:
    Inbound per day totals: 55373
    Detected and rejected as spam 37677
    Detected and rejected as virus 254

and there was STILL 38K emails detected and blocked as spam. And in the real world, some of that 17442 emails (55373 - 37677 - 254) was spam too. If we open the floodgates and previously blocked email starts getting delivered, likely it would be about 100K emails that get past the spam filters, of which all additional email is guaranteed to be spam, so 80%+ of that delivered email would be spam.

Now, multiply those numbers times 4 and that is the load we would have to deal with, and we are a small operator compared to a lot of ISPs. In addition, we would likely have to get one or two additional machines to handle the increased spam scanning load. It does nothing but COST US MONEY to shut down SpamHaus service.

Before anybody points out the obvious, our SMTP Auth users are exempted from the RBLs if authentication succeeds.

One thing that I've not seen anybody mention though is how simple it is to make your nameservers forward spamhaus.org requests to their nameservers. Problem solved.

Someone please tell me they have an alternative

[Kris_J]

I am so ready to walk away from email. I just need someone to point me to a workable replacement.

Re:Someone please tell me they have an alternative

[crazyvas]

Dude,
I am so ready to walk away from cars. I just need someone to point me to a workable replacement.
I am so ready to walk away from television. I just need someone to point me to a workable replacement.
I am so ready to walk away from radio. I just need someone to point me to a workable replacement.
I am so ready to walk away from life. I just need someone to point me to a workable replacement.
I am so ready to walk away from my legs. I just need someone to point me to a workable replacement.

Re:Someone please tell me they have an alternative

[Solder+Fumes]

It's because you have no friends.

Re:Someone please tell me they have an alternative

[RMH101]

Your company advocates a

(x) technical ( ) legislative (x) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
() The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
( ) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
(x) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
(x) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid company for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:Someone please tell me they have an alternative

[rar]

Easy. We just need to set up a protocol where an ISP is charged $0.01 per email sent. That will kill the spammers without having any real effect on people sending email.

Actually, the problem is not this simple. Spammers today send their emails from millions of hacked computers worldwide. They will just continue to do so, and these charges will drop on the clueless users whose computers are used to send the emails.

As long as computer security is as bad as it is today, there just is no easy solution to spam. All hyper-clever ideas about encrypted network id:s, black and whitelists, hashcash, etc, are just temporary solutions --- they only serve to drive the spammer to more intensly use the fact that a hacked computer also gives access to an online identity.

Re:Someone please tell me they have an alternative

[dangitman]

Unlikely. Common sense is rather uncommon.

Re:Someone please tell me they have an alternative

[rbarreira]

I am so ready to walk away from cars. I just need someone to point me to a workable replacement.

Here.

I am so ready to walk away from television. I just need someone to point me to a workable replacement.

Here.

I am so ready to walk away from radio. I just need someone to point me to a workable replacement.

Here.

I am so ready to walk away from life. I just need someone to point me to a workable replacement.

Here.

I am so ready to walk away from my legs. I just need someone to point me to a workable replacement.

You can't walk away from your legs. Not with the same legs, at least.

Re:Someone please tell me they have an alternative

[RAMMS+EIN]

``My guess is they'd borrow ideas brought to us by instant messaging. Contact lists, invites, authorizations, etc.''

Spammers now send their messages in MSN and ICQ invites/authorization requests.

Re:Someone please tell me they have an alternative

[slackarse]

You can't walk away from your legs. Not with the same legs, at least.

Here.

Two lists needed

[Ed+Avis]

Maybe some legal problems could be avoided by having two lists. One, a list of spammers. The second list is people who are not spammers (cough) who have threatened or engaged in legal action to be removed from the first list. In other words a list of plaintiffs in court cases. Mail server admins could choose whether to use one list or both for blocking mail.

kdawson at it again.

[Inoshiro]

Here's the dnscache (part of the djbdns family) solution: /service/dnscache/root/servers# cat spamhaus.org
216.168.28.44
204.69.234.1
204.74.101.1
204.152.184.186
#

No need to HUP -- once the file is created and filled with those IPs, it'll pick them up automatically. You can easily install dnscache with the other tools on your mail servers for 0 interuption of service.

Cheers.

Re:I work for a company...

[Silver+Sloth]

I don't normally reply to AC posts, and, as this is a 'me too' post it will probably be modded redundant, but...

I can back up the AC's statement. I work for an IT multinational and our e-mail servers run close to the edge. If we were to see a significant increase in e-mail levels, be it x4 or x10, or even x2, our e-mail system would grind to a halt. We, along with every organisation have become totally dependant on e-mail. For example, one of our customers requires that financial information it sent to the Bank of England by close of play every day. It is sent using (encrypted) e-mail. A delay of a few hours would give us major headaches. And yes, we could use alternative methods but it would take some time to put these in place.

If the preditions came true it would be bad for us.

Interesting legal argument.

[cperciva]

I'm starting to wonder about the sanity of Spamhaus' lawyers -- or if they really have lawyers at all. So far their arguments seem to have been

1. This case is at the wrong court, it should go to a federal court instead.
2. (to the federal court) We agreed that you had jurisdiction over this, but we're going to pretend that we didn't say that.
3. What? You've decided that we broke the law? Well, you shouldn't punish us because we're really nice people.

While I do not doubt Spamhaus' credentials as really nice people, this is hardly relevant to the case in question.

Re:Interesting legal argument.

[phooka.de]

The interesting legal argument here is, that by pointing out that the case is (among other flaws) on a level of jurisdiction that surely can't be right, you voluntarily subject yourself to whatever that legal systems likes to come up with next.

The next interesting legal argument here is, that the judge seems not to be a judge, but a referee. His job is not to descide what's right and what's wrong, but to make sure the rules of the game are observed. They can't even descide that the case does not belong before them.

The last interesting legal argument is, that if the one who's sued doesn't appear, the one who sues gets all they want. Hell, they should have asked for a billion or two along with eevryone working for spamhaus and their children, relatives and frieds as slaves (for the next 7 generations). By the logic of the US legal system, they might just have won that as well.

Would I have appeared bofore them? And let the spammer force me and my non-profit organization to accept to be financially crippled by the spammer's for-profit ressources? No, I'd have shown them the finger as well (living in Europe and feeling there's a lot of nice areas for vacation that are on this side of the pool, so I don't really need to visit the US).

Re:Hysterical claptrap

[deepb]

Spamhaus has no idea how many spams it actually blocks.

It's an estimate based on their query volume. That's certainly not going to produce an exact number, but it's way beyond having "no idea".

Suggestion to spamhaus

[rar]

Why don't spamhaus just remove the e360 adresses from their regular spam lists and add them to a new list named "addresses no longer blacklisted becuase we were sued and ordered to remove them"?

That list would then serve as a perfect permanent black list for all sysadmins who happen to think that people who sue spam lists might not be the kind of people who send worthwhile emails.

I would actually recommend even higher priority to that list in the spamassassin config file than spamhaus' regular blacklists :)...

Re:Trying to block spam is like...

[ArsenneLupin]

no its more like fighting a virus with asprin. You can remove the symptoms but it takes more to remove the problem.

In the human body's case there are white blood cells and the like which actively remove problems.

Hmm, so what would be the equivalent of white blood cells? Baseball bats?

Buggy post

[TapeCutter]

Meanwhile the rest of the planet will treat an unenforcable court order from this judge about as seriously as they would a court order from the judge in this case.

GP was missing the link above.

Spamhaus have their problems

Most of the comments I've read so far seem to be in favour of Spamhaus, and while I agree that they do some good work, they are not all good. Specifically, they seem over keen to blacklist address ranges without providing any proof, and very reluctant to unblock these.

I work for an ISP providing dedicated server hosting & colocation. Recently a couple of our customers contacted us saying that they had appeared on the Spamhaus blacklist, and were consequently having trouble sending e-mails. They claimed that they had not involved in any spamming activities, and that this listing was therefore incorrect. We found out that Spamhaus had blacklisted a range of our IP addresses (specifically a /27 subnet), and their explanation was that we were hosting someone from their ROKSO list.

While it was indeed true that we were hosting a server for this person, Spamhaus had a) blocked an address range larger than the IP addresses involved with this spammer, and b) would not offer any proof that the spammer had been using the server we host for him to involve in any spamming activities. When we contacted them, they refused to unblock this range unless we suspended the account of this spammer (again without providing any proof of activities conducted from our network that would breach our TOS), even though they acknowledged that the range they were blocking involved innocent customers. For us to suspend him at the request of Spamhaus would have been US breaking our contract with him, as there was no indication that he had violated our AUP (which DOES prohibit involvement with spam).

When we refused to break our contract with our customer at the request of a third party (perfectly acceptable position imho!), Spamhaus said that if they blocked any of our customers in future, they would blacklist our entire network (which is a considerable amount of addresses). This is unacceptable in my view, they are essentially trying to hold us to ransom without providing any proof of activities. When talking with some other ISPs, we heard of similar stories. In one case, the ISP concerned suspended the spammer's account and contacted Spamhaus to have their blacklist removed, and were told that "due to under-staffing, Spamhaus would not be able to remove the blacklist entry for a couple of days. however, if they would like to make a donation to spamhaus, they would remove the entry much sooner".

To reiterate my earlier point, Spamhaus does provide a valuable service, there's not much doubt of this. But they way in which they are organised leaves a lot to be desired!

Questioning the Math/Assumptions

[carpeweb]

More than 90% of of all email is now spam
Others estimate Spamhaus's blocking efficacy as closer to 75%; by this metric spam would increase four-fold, not ten-fold, if Spamhaus went unavailable

I think the math is a lot more complicated than this implies. Here's how I'd work it:

• P = % Spam (% of all sent mail)
• S(T) = Total Mail Sent
• S(S) = Spam Sent
• S(N) = Non-Spam Sent
• E(T) = Overall Filter Efficiency (% spam detected, Spamhaus + All Other Filters)
• E(S) = Spamhaus Filter Efficiency (% spam detected, Spamhaus Only)
• E(O) = Other Filter Efficiency (% spam detected, All Other Filters w/o Spamhaus)
• F(T) = Overall Type II Error Rate (% false positive, Spamhaus + All Other Filters)
• F(S) = Spamhaus Type II Error Rate (% false positive, Spamhaus Only)
• F(O) = Other Type II Error Rate (% false positive, All Other Filters w/o Spamhaus)
• R(T) = Total Mail Received
• R(S) = Spam Received
• R(N) = Non-Spam Received

We're interested in R(T) and what happens to it with and without Spamhaus. (Assuming we're still interested at all, since math sometimes does that ...).

With Spamhaus:

• R(T) = R(S) + R(N)
• R(T) = S(S) x [1-E(T)] + S(N) x [ 1-F(T)]
• R(T) = P x S(T) x [1-E(T)] + (1-P) x S(T) x [1-F(T)]

Without Spamhaus:

• R(T) = R(S) + R(N)
• R(T) = S(S) x [1-E(O)] + S(N) x [ 1-F(O)]
• R(T) = P x S(O) x [1-E(O)] + (1-P) x S(O) x [1-F(O)]

The difference, expressed as a ratio of (Without Spamhaus - With Spamhaus)/(With Spamhaus), is

[ P x S(O) x [1-E(O)] + (1-P) x S(O) x [1-F(O)] ] - [ P x S(T) x [1-E(T)] + (1-P) x S(T) x [1-F(T)] ]

Divided By

[ P x S(T) x [1-E(T)] + (1-P) x S(T) x [1-F(T)] ]

The assumptions yielding either the ten-fold or the four-fold increase seem to be that E(O)=0, and of course that false positives don't matter. Even with these assumptions, the math in the OP is a bit fuzzy to me:

• E(O) = 0
• E(T) = E(S)
• F(O) = 0
• F(T) = 0 [i.e., F(S) = 0 as well]
  yields (reducing above ratio):
• [ P x S(T) + [ (1-P) x S(T) ] - [ P x S(T) x (1-E(T)) + [ (1-P) x S(T) ] ]
  
  Divided By
  
  [ P x S(T) x (1-E(T)) + [ (1-P) x S(T) ] ]
• Which Reduces To:
  
  P x E(T) / [ 1 - [ P x E(T) ] ]

The ten-fold increase seems to be predicated upon both P=.9 and E(S)=E(T)=1. However, even if that were true, the increase would actually be nine-fold (.9/.1).

The four-fold increase seems to be predicated upon P=.9 and E(S)=E(T)=.75. However, this would yield about a two-fold increase of

[.9 x .75] / [ 1 - (.9 x .75) ] = 27/13 = 2.08 (approx.)

Factoring in false positives might actually make the Without Spamhaus scenario more dire, but clearly it would be less dire if we assume that E(O) is not zero. A better approximation would use the marginal efficiency of Spamhaus. Even with a generous assumption that Spamhaus catches an additional third of all spams sent (vs. all others without Spamhaus, and ignoring false positives), the overall increase in R(T) looks less than 50% to me (.3/.7, or approximately 43%).

Re:Questioning the Math/Assumptions

Interseting, here's some math that will benefit your employer:

• D = The working day
  
• W = Time spent working
  
• S = Time spent on slashdot
  

Your employer is interested in the time you spend working, hence:

D - S = W

Now you need only calculate the ratio of work to slashdot and drop the results with finance and HR.

Re:Trying to block spam is like...

[joto]

Ok, so let's make being stupid illegal. Your post was, IMO, right on track up to this.

For some reason, most people do not consider that as a realistic possibility. Personally, I think it should be illegal to be stupid, in a lot more situations than it is today.

This isn't exactly revolutionary. People are already being put into jail, for buying stolen goods, if the police can demonstrate that "they should have known it was stolen". And if you drive over some schoolkids while fondling with your car-radio, you are still guilty of murder. And if you are a surgeon and kills a patient through malpractice, you are also in deep trouble.

The society needs more legislation against stupidity, not less. It's too easy to excuse away all the damage you have done, by putting up the "I'm stupid" excuse. So, yes, let it be punishable for up to n years in jail, to through stupid or uninformed actions, create life more profitable for spammers.

Re:Use the UK server name!

[Digital+Vomit]

...it's not subject to US law

It's sad how this statement is becoming more and more associated with freedom nowadays.

You do not win a fight in the U.S. court system .

[WhiteWolf666]

. . . by threatening judges with impending doom.

Really. It doesn't work, unless, of course, you are the President, warning judges about terrorists.

Still, I've argued this point before; there's at least a few points of dispute regarding jurisidiction, and spamhaus should have showed up in court.

It doesn't matter if they are ultimately right; what matters is that it is not 100% clear cut, and as such, a judge will give a plaintiff a great deal of leeway in a default situation.

The Judge's reaction .....

[Alien54]

I can imagine the judges reaction when he realises that he decision has just sabotaged his own personal email. and the reaction of his/her friends when they find out that he/she is to blame for all of the extra spam they are suddenly getting.

Quantum mechanics.

When you have finite number of messages in the inbox, percentage of spam could only take some specific values and 99.9999% is not one among them.

Spam percentage of a 474 message inbox could only be 100%, 99.78903%, 99.57805%, 99.367089%, 99.156118% ....

Thought it would be funny, but it is not, but I am not going to waste all that typing calculation I did, so will hide behind anonymity ;-)

Re:Exactly, mod parent up!

I don't mod up people who say "could of".

servers choking...

[ninjaz]

First, some stats on the mail server I use from a year ago yesterday and yesterday:

October 15 2005 :

Pieces of spam blocked by realtime blocklists: 9062

Top blocklists:
sbl-xbl.spamhaus.org 7193
bl.spamcop.net 1648
dnsbl.njabl.org 221

October 15 2006:

Pieces of spam blocked by realtime blocklists: 47429

Top blocklists:
sbl-xbl.spamhaus.org 40631
bl.spamcop.net 5240
dnsbl.njabl.org 1558

As spamhaus is currently rejecting 40631 emails which consequently don't have to be processed by spamassassin, it would be definitely be felt on this server were Spamhaus to become available. In fact, the reason I started using RBLs to begin with was due to one of the Spamhaus ROKSO culprits sending about 20,000 messages per hour to a dictionary list of users at a hosted domain. The server was dying then, but using OpenBSD's pf databases together with the spamhaus SBL, the problem was stopped cold.