nanog mailing list archives

Re: Anti-Spam Router -- opinions?


From: Valdis.Kletnieks () vt edu
Date: Tue, 06 Apr 2004 12:37:29 -0400

On Tue, 06 Apr 2004 11:02:33 EDT, Joe Abley said:

> How do you distinguish between a home user sending twenty legitimate,
> real messages per day, and a home user whose PC has been 0wned, and
> which is sending twenty illegitimate messages per day?

Back of the envelope handwaving calculation (we're not worrying about
exact numbers, merely having somewhere near the right number of zeros):

Media reported that Hotmail was rejecting 2 billion pieces of mail a day (and
that's not including AOL, Yahoo, and every single smaller ISP - our site alone
is seeing several million a day).  Let's say it adds up to 10 billion across the
board.

Let's assume that 75% of spam is sent via hijacked zombie machines.  This
would mean that to get 7.5 billion spams/day at 20 msgs/day/zombie,
you'd need several hundred million compromised machines.  And even though
the average machine is woefully insecure, there's not THAT many zombies.

On the other hand, 20K msgs/day/zombie is only about 1 every 4 seconds,
not enough to make the average cablemodem user notice - and reduces the
number of zombies down to several million - a much more plausible number.

If you rate-limit 2 million compromised machines to 20 msgs/day each,
there's only 400 million spams.  Total.
