Re: 95% of User Generated Content is spam or malicious

[Dan Kaminsky <dan () doxpara com>]

On Mon, Feb 22, 2010 at 8:23 AM, Rich Kulawiec <rsk () gsp org> wrote:
> On Mon, Feb 22, 2010 at 07:34:56AM -0500, Dan Kaminsky wrote:
> > All I know is that I have a couple of email accounts that get
> > negligible amounts of spam.  Oh, they're *sent* huge amounts, but they
> > receive almost none.
>
> But this is not the only metric with which to evaluate mail defenses.

I disagree.  This is the only metric that matters:  In 2007, I got a
lot of spam.  In 2010, I get a few messages *a month*.

A MONTH!

> Anyway, one of the direct consequences of this reality is that testing
> methodologies need to be very carefully constructed.  Anyone who
> just plugs boxes from vendors X Y and Z into their network and does a
> head-to-head comparison is not going to get a true picture of how those
> systems really compare: they're only going to get a limited picture of how
> those systems compare at the moment on their network(s) on their ASN(s)
> with their domain(s).

Spam fighting as a product seems to be having problems.  Spam fighting
as a service is doing extremely well.

Who knows.  Maybe the bad guys are reverse engineering all the
products, but can't do the same to the services.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.