Catching Spam by Looking at Traffic, Not Content

AngryDad writes "HexView has proposed a method to deal with spam without scanning actual message bodies. The method is based solely on traffic analysis. They call it STP (Source Trust Prediction). A server, like a Real-time Spam Black list, collects SMTP session source and destination addresses from participating Mail Transfer Agents (MTAs) and applies statistics to identify spam-like traffic patterns. A credibility score is returned to the MTA, so it can throttle down or drop possibly unwanted traffic. While I find it questionable, the method might be useful when combined with traditional keyword analysis." What do you think? Is this snake oil, or is there something to this?

Re:Problem

[cdrguru]

You apparently don't get it. First rule of anti-spammers is "Spammers lie". The second rule is there is no such thing as a voluntary, opt-in managed mailing list that isn't just spam.

So, you say your business is legitimate. Obviously, you are lying. Spammers lie.

But your list is opt-in and only send legitimate email? Too bad, if someone gets it that forgot they signed up, it's spam. Therefore, you are a spammer.

While this technique might hold some value, it isn't going to counter the way spam is being sent today - not from a single source but from many, many sources.