Section on: Abuse detection and control
Presentation 2 is on Dynamic Port 25 Blocking to Control SPAM Zombies by Jonathan Schmidt.
In their experience, dynamic blocking is almost as effective as a total port 25 block, since many end users don’t actually care about port 25 blocking. They had 5 out of 250,000 that cared in their region.
Presentation 3 is Miles Libbey of Yahoo! on algorithmically determining store-and-forward MTA relays using DomainKeys. This is an interesting way of identifying forwarders: DomainKeys is used to wind back the trusted headers, so that reputation can be extracted and assigned to the sending IPs from the previous Received line as provided by the forwarder.
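
The wind-back described above, as an added Python sketch that is not code from the talk or from Yahoo!: once a forwarder's DomainKeys signature has verified, walk the Received headers the forwarder stamped and return the first external peer IP, which is the address that should carry the reputation. Assumptions: signature verification happens elsewhere and is passed in as `verified_domains`, each hop records its peer IP in square brackets, the forwarder's internal hops use private addresses, and every hostname and address in the sample is constructed.

```python
import email
import ipaddress
import re

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)  # host that wrote the header
IP_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")            # peer IP the writer recorded
D_RE = re.compile(r"(?:^|;)\s*d=([^;\s]+)")            # signing domain tag
# Assumption: the forwarder's internal hops use private or loopback addresses.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample: receiver MX <- forwarder (two hops) <- original sender.
SAMPLE = """\
Received: from out1.forwarder.example (out1.forwarder.example [198.51.100.10])
\tby mx.receiver.example with ESMTP; Fri, 28 Jul 2006 10:00:03 -0700
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1; d=forwarder.example; b=CONSTRUCTED
Received: from in1.forwarder.example (in1.forwarder.example [10.0.0.5])
\tby out1.forwarder.example with ESMTP; Fri, 28 Jul 2006 10:00:02 -0700
Received: from mail.sender.example (mail.sender.example [203.0.113.77])
\tby in1.forwarder.example with SMTP; Fri, 28 Jul 2006 10:00:01 -0700
Received: from pc ([192.0.2.200]) by relay.forwarder.example; Fri, 28 Jul 2006 09:00:00 -0700

"""

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def upstream_ip(raw, verified_domains):
    """Return the IP that handed the mail to the forwarder, else None."""
    msg = email.message_from_string(raw)
    sig = D_RE.search(msg.get("DomainKey-Signature", ""))
    if sig is None or sig.group(1).lower() not in verified_domains:
        return None  # no verified forwarder signature: score the connecting IP
    domain, seen_forwarder = sig.group(1).lower(), False
    for hdr in msg.get_all("Received", []):  # newest hop first
        by = BY_RE.search(hdr)
        if not (by and in_domain(by.group(1), domain)):
            if seen_forwarder:
                return None  # left the forwarder's hops without an external peer
            continue  # headers stamped by our own MX, above the forwarder
        seen_forwarder = True
        try:
            ip = ipaddress.ip_address(IP_RE.search(hdr).group(1))
        except (AttributeError, ValueError):
            return None  # no parsable peer IP recorded
        if not any(ip in net for net in INTERNAL):
            return str(ip)  # first external peer; older headers are not trusted
    return None
```

The walk stops at the first external peer, so the oldest Received line in the sample, which the forwarder did not write, never influences the result.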
Presentation 4 is Anirudh Ramachandran from Georgia Tech on “Can DNS blacklists keep up with bots”. Interesting, since I had breakfast this morning with Jeff Chan from surbl.org.
Two distinct issues are highlighted: detection (as in detection rate) and response (how long it takes to list). The buzzline is that 60% of bots target just one domain, though he notes that this stat could be flawed.


1 Comment Received
July 28th, 2006 @4:22 pm
Anirudh, his prof Nick Feamster and David Dagon – all from GaTech – have been getting quite a lot of data from us over the past few months (since just after the Montreal MAAWG).
So AVR’s presentation is backed by analysis of a few truckloads of data, rather than the usual university department / single collocated box type mail streams that figure in a lot of research.