This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Re: Additional Layers for Economic Incentives to improve Internet Security
- Previous message (by thread): [anti-abuse-wg] Re: Additional Layers for Economic Incentives to improve Internet Security
- Next message (by thread): [anti-abuse-wg] Re: Additional Layers for Economic Incentives to improve Internet Security
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jørgen Hovland
jorgen at hovland.cx
Mon Dec 27 12:29:11 CET 2010
Hi, On 26/12/2010 21:49, John S. Quarterman wrote: > >> "Comparing ASN rankings by spam volume from two different data sources... >> indicates there is enough correlation to have confidence in the rankings. >> " >> >> >> > The point of this particular article is exactly what you quoted: > there is enough correlation to have confidence in the rankings. > Some people don't believe it is possible to build such a ranking > system, so we have demonstrated that it is possible. > > Strictly speaking it isn't ranking the spam volume. It indicates how many IP-addresses per ASN that is added to a certain blocklist. It doesn't indicate the amount of spam from the IP or the ASN measured by customer and/or mail volume. >> But then what is the functional value of that knowledge? Is the point here >> that I can leave my umbrella at home when two or more of them say that it's >> not going to rain today? >> >> Is the point of Mr. Quarterman's study that certain entire ASNs may be >> safely or reasonably blacklisted? >> > The purpose of the proposed ranking system is that the organizations > that own the ASNs should be concerned that people might decide to > blacklist them, or, for example if the organization is a bank, > that people might not want to do business with a bank that has > sufficiently bad Internet security that it is emitting spam. > If an organization has that many vulnerabilities, some of them > may also be exploitable for DDoS attacks or for password sniffing > of customers or for other nefarious ends. > > So a quick summary: An ASN does not represent a single legal entity Spam in general cannot be defined It's not ranking the spam volume Yes, I am really concerned that people might decide to blacklist ASNs due to spam. It doesn't make any sense in almost all cases. But we already have blocklists aggressively doing that with netblocks (uceprotect, spamhaus etc). No serious mailprovider in my neighbourhood use those blocklists and no serious mailprovider would ever use an asn-blocklist like that to block mail or anything else. The good thing here is that as long as this ASN-blocklist list AS-numbers in the same manner as uceprotect, "nobody" will use it because it is useless. > Conversely, organizations that have good security should emit > very little spam, and they could brag about their good rankings > and thus retain and gain customers. > > Organizations that doesn't use mail at all will emit very little spam. Cheers,
- Previous message (by thread): [anti-abuse-wg] Re: Additional Layers for Economic Incentives to improve Internet Security
- Next message (by thread): [anti-abuse-wg] Re: Additional Layers for Economic Incentives to improve Internet Security
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]